When Creating an Adapter Instance (Citrix Virtual Apps & Desktops), different levels of security can be configured. The least secure configuration is to set the SSL Configuration field in the Advanced Settings to No SSL (SSL disabled). The next level is to keep the default setting of No Verify, in which SSL is enabled, but the Management Pack will accept all SSL certificates. For added security, you can select Verify and add your SSL certificate to the vROps truststore as outlined below.
To add an SSL certificate to your vROps truststore:
- Obtain the SSL certificate for your XenDesktop host server from your Internet browser. Export the certificate as an X.509 Certificate (PEM).
- Copy the certificate to your vROps machine.
- Use ‘ssh’ to log in to the vROps machine as the root user, then run the following command:
Linux:
$VCOPS_BASE/jre/bin/keytool -import -alias <product_alias> -file /tmp/<certfile> -keystore "$VCOPS_DATA_VCOPS/user/conf/ssl/tcserver.truststore" -storepass `grep ssltruststorePassword /storage/vcops/user/conf/ssl/storePass.properties | sed s/ssltruststorePassword=//` -trustcacerts
Windows:
%VCOPS_BASE%\jre\bin\keytool -import -alias <product_alias> C:\path\to\certfile -keystore "%VCOPS_DATA_VCOPS%\user\conf\ssl\tcserver.truststore" -storepass <truststore_password> -trustcacerts
Parameter Descriptions:
- <product_alias> is a unique name for each key that you add (per host)
- <certfile> is the location where the cert file was saved
- Run the reboot command to re-start the vROps machine for the changes to take effect.