By default VMware
provides you a certificate in the .NET SSO samples directory which is not
password protected. Use this procedure to replace the certificate if you are
running Windows 10 or later.
You choose to replace the
default certificate supplied with the SDK, at
SDK/ssoclient/dotnet/cs/samples/certificate.
Prerequisites
- This procedure applies to
Windows 10 or later.
- You must have PowerShell
installed, because Makecert is deprecated.
Procedure
-
Open a PowerShell
window, running as Administrator.
Type
powershell in the task bar search field, then
right-click
Windows
PowerShell and select
Run as
Administrator.
-
Change to the .NET SSO
samples directory.
cd
installed_directory/SDK/ssoclient/dotnet/cs/samples
-
Delete the default
certificate provided by VMware.
del
*.pfx *.cer
-
Use the
New-SelfSignedCertificate
command to generate a PowerShell certificate object.
$cert
= New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -subject
"CN=*.vmware.com, OU=Ecosystem Engineering, O=`"VMware, Inc.`", L=Palo Alto,
ST=California, C=US" -KeySpec KeyExchange -KeyExportPolicy Exportable -KeyUsage
DigitalSignature
-
Create a password to
protect the certificate.
$pwd
= ConvertTo-SecureString -String 'password' -Force
-AsPlainText
-
What on earth is going
on here?
$path
= 'cert:\localmachine\my\' + $cert.thumbprint
-
Use the
Export-PfxCertificate
command to generate a certificate file from the certificate object.
Export-PfxCertificate
-cert $path -FilePath certificate\testssoclient.pfx -Password $pwd
-
Update the certificate
password used in the .NET SSO samples.
The password is used in
line 553 of the file
vmware.binding.wstrust/samltokenhelper.cs,
in the following statement:
signingCertificate.Import(certificateFile,
"password",
X509KeyStorageFlags.MachineKeySet);
-
Rebuild the SSO
solution.
What to do next
Run the .NET SSO samples,
using your new certificate.