Securing the XenDesktop® to XenServer® communications
When XenDesktop is installed on XenServer, you need to secure the communications between the two by replacing the default SSL certificate on XenServer.
To replace the default certificate on XenServer, perform the following steps:
Log in to XenServer and get to a command prompt.
Modify /etc/pki/tls/openssl.cnf as follows:
Uncomment the following line:
req_extensions = v3_req
Modify the request section as follows:
[v3_req]
basicConstraints = CA:FALSE
keyUsage = keyEncipherment
extendedKeyUsage = serverAuth
Generate a certificate request as follows:
openssl genrsa -out [servername].private 2048
openssl req -new -outform PEM -out [servername].request -keyform PEM -key [servername].private -days 1800
Here, [servername] is the XenServer hostname.
Submit the request [servername].request to a CA and retrieve the CA-signed certificate.
Move the existing certificate as follows:
mv /etc/xensource/xapi-ssl.pem /etc/xensource/xapi-ssl.pem_orig
Add...
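The following check is an added example, not part of the original text: before [servername].request is submitted to the CA, it confirms that the request verifies against its own key, uses a 2048-bit key, and carries the [v3_req] extensions set in openssl.cnf above. The function names and the sample text are constructed for illustration.

```shell
# Added example (not from the original text): pre-submission CSR checks.
# Function names and SAMPLE_CSR_TEXT are constructed for illustration.

# Read `openssl req -noout -text` output on stdin and compare it with the
# [v3_req] settings above. Prints one line per problem; non-zero on failure.
csr_text_ok() {
    text=$(cat); rc=0
    printf '%s\n' "$text" | grep -Eq 'Public-Key: \(2048 bit\)' \
        || { echo "key is not 2048-bit"; rc=1; }
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' \
        | grep -q 'CA:FALSE' \
        || { echo "basicConstraints CA:FALSE missing"; rc=1; }
    printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' \
        | grep -q 'Key Encipherment' \
        || { echo "keyUsage keyEncipherment missing"; rc=1; }
    printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' \
        | grep -q 'TLS Web Server Authentication' \
        || { echo "extendedKeyUsage serverAuth missing"; rc=1; }
    return $rc
}

# Check a CSR file: self-signature first, then the extension checks.
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "CSR self-signature does not verify"; return 1; }
    openssl req -in "$1" -noout -text | csr_text_ok
}

# Constructed, abbreviated `openssl req -noout -text` output (hostname is made up).
SAMPLE_CSR_TEXT='Certificate Request:
    Data:
        Subject: CN = xenserver01.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication'

# Usage on the XenServer host: check_csr xenserver01.request
```

If every extension is reported missing, the req_extensions = v3_req line is most likely still commented out in openssl.cnf.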