VMware Workstation Server generates a self-signed certificate. This certificate is sufficient for encryption, but it does not provide identity verification. For increased security, you should replace the default certificate with a certificate that is signed by a commercial Certificate Authority (CA).

Prerequisites

Obtain a signed certificate. Obtaining a signed certificate involves creating a certificate signing request (CSR) and sending it to a CA in accordance with the CA's enrollment process. After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate. See the instructions provided by the CA for more information.

Procedure

  1. On the host system, replace the default certificate text in the VMware SSL certificate file with the certificate text that you obtained from the CA.

    The location of the certificate file depends on the host operating system.

    Option

    Certificate File

    Windows Server 2008 R2, Windows Server 2012 R2, Windows 7, Windows 8, and Windows 10 hosts

    C:\ProgramData\VMware\SSL\rui.crt

    Note:

    You can access the SSL directory only from an elevated command prompt.

    Linux hosts

    /etc/vmware/ssl/rui.crt

  2. On the host system, replace the default private key text in the VMware SSL key file with the private key text that you obtained from the CA.

    The location of the key file depends on the host operating system.

    Option

    Certificate File

    Windows Server 2008 R2, Windows Server 2012 R2, Windows 7, Windows 8, and Windows 10 hosts

    C:\ProgramData\VMware\SSL\rui.key

    Note:

    You can access the SSL directory only from an elevated command prompt.

    Linux hosts

    /etc/vmware/ssl/rui.key

  3. Restart the host system.

    The VMware Workstation Server service restarts and begins using the new certificate.