After you have imported the certificate and recorded the thumbprint, you must create the post sysprep script/batch file and copy the certificate.

Windows 7 and Later

Use post build configuration script “SetupComplete.cmd “to import the SSL certificate and configure the VMware HTML Access registry.

http://technet.microsoft.com/en-us/library/dd744268%28v=ws.10%29.aspx

For example:

  1. Copy the SSL certificate file under C: drive. For this example, the “C:\desktone_ca_cert” file.

  2. Create a file SetupComplete.cmd under "%WINDIR%\Setup\Scripts\" folder. Create “Scripts” folder if it does not exist.

  3. Add following commands in SetupComplete.cmd file. The thumbprint value is what you copied in Step 1.

    Note:

    If you have root certificate and intermediate certificates in the certificate chain, then you need to add appropriate CertUtil commands in batch file.

    CertUtil -importPFX -f -p "<password>" "C:\desktone_ca_cert.pfx"
    
    reg add "HKLM\SOFTWARE\VMware, Inc.\VMware Blast\Config" /f /v "SslHash" /t REG_SZ /d "31 2a 32 50 1a 0b 34 b1 65 46 13 a8 0a 5e f7 43 6e a9 2c 3e"
    
    del /F /Q "C:\desktone_ca_cert.pfx"
    
    del /F /Q "%systemroot%\setup\scripts\SetupComplete.cmd"
  4. Save the SetupComplete.cmd file. You can test the SetupComplete.cmd file on test machine.

Windows XP

  • Follow the Desktone post sysprep command execution approach to import the SSL certificate and configure the VMware HTML Access registry.

  • Install the Administration Tools Pack for Windows XP as the CertUtil tool is not available with the OS install.

    http://www.microsoft.com/en-us/download/details.aspx?id=16770

    For example:

    1. Copy the SSL certificate file under C: drive. For this example, the C:\desktone_ca_cert.pfx file.

    2. Create folder path C:\Sysprep\i386\$OEM$\

    3. Now create postprep-extra.bat file under C:\Sysprep\i386\$OEM$\ and add the following commands in the batch file. The thumbprint value is the one you recorded above after importing the certificate.

      Note:

      If you have root certificate and intermediate certificates in the certificate chain, then you need to add appropriate CertUtil commands in the vbatch file.

      CertUtil -importPFX -f -p "<password>" "C:\desktone_ca_cert.pfx"
      
      del /F /Q "C:\desktone_ca_cert.pfx.pfx"
      
      reg add "HKLM\SOFTWARE\VMware, Inc.\VMware Blast\Config" /f /v "SslHash" /t REG_SZ /d "31 2a 32 50 1a 0b 34 b1 65 46 13 a8 0a 5e f7 43 6e a9 2c 3e"
      
    4. Save the postprep-extra.bat file. You do not need a command to delete the batch postprep-extra.bat file as sysprep deletes the C:\Sysprep folder after successful deployment.

    You can test the SetupComplete.cmd file on the test machine.

What to do next

Convert Image to Gold Pattern or Reseal