Hi,
I have an issue that I am facing after installing my own certificate. SSO login on the website is possible.
But I get the following message.
The certificate that I am using is built with an internal Microsoft CA. I used a SAN certificate with all needed names and IP addresses. Also the Key Usage is the same as the original certificate.
Did anyone get the same issue after implementing a certificate?
Frank
VMware Identity Manager appliance must be able to communicate with itself. What is your appliance name vs. FQDN? Are they different? If they are, you must have a reverse proxy so vIDM can do a port 443 round trip to itself.
Here's a blog post I wrote many versions back, but it is still relevant: https://blogs.vmware.com/horizontech/2014/10/troubleshoot-workspace-portal-setup-issues-changing-fqd...
Hi,
The FQDN for the appliance is the same as the FQDN in the certificate. We also did not use a load balancer in front of the Identity Manager.
I had that issue at the beginning. The configuration of the FQDN was showing only the NetBIOS name, not the FQDN. So I re-installed the appliance with the FQDN.
Also the website is working as expected. DNS entries for forward and reverse are working as well. I did not get the message "Error connecting workspace url".
Frank
So when you deployed the appliance, you specified the FQDN in the OVA settings?
Yes, that's right.
Frank
When you uploaded the cert, was it the whole chain? Since everything else sounds like you did it correctly, I suspect the certificate. Often people forget to upload the chain in the correct format.
I uploaded the chain. First, vm cert, root cert, sub cert.
After that, the private key.
The funny thing is that I did not have an issue with my cert itself. The browser, it doesn't matter which, is showing the correct one and it is working.
Are there certificate prerequisites? I didn't find anything about that in the documentation.
Frank
The certificate chain should be:
VM Cert
Intermediate Cert
ROOT Cert
...all together.
Then, separately, you have your private key, which should start with -----BEGIN RSA PRIVATE KEY----- and not -----BEGIN PRIVATE KEY-----
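The ordering and key-header check described in the reply above, as an added example that is not part of the original thread. The function names are hypothetical; it assumes issuer and subject names match byte for byte and does not verify signatures.

```python
import base64, re, sys

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block, in file order."""
    return [(m.group(1), base64.b64decode("".join(m.group(2).split())))
            for m in PEM_RE.finditer(text)]

def read_tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER of the issuer and subject Name fields of an X.509 certificate."""
    _, p, _ = read_tlv(der, 0)              # Certificate SEQUENCE
    _, p, _ = read_tlv(der, p)              # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, p)
    if tag == 0xA0:                         # optional [0] version
        p = end
    fields = []
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, _, end = read_tlv(der, p)
        fields.append(der[p:end])
        p = end
    return fields[2], fields[4]

def check_upload(chain_pem, key_pem):
    """List problems with chain order (VM, intermediate, root) and key header."""
    problems = []
    certs = [d for label, d in pem_blocks(chain_pem) if label == "CERTIFICATE"]
    names = [issuer_subject(d) for d in certs]   # assumption: byte-equal names
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            problems.append(f"cert {i + 1} is not issued by cert {i + 2}")
    if names and names[-1][0] != names[-1][1]:
        problems.append("last cert is not a self-signed root")
    labels = [label for label, _ in pem_blocks(key_pem)]
    if labels != ["RSA PRIVATE KEY"]:
        problems.append(f"key block is {labels}, expected RSA PRIVATE KEY")
    return problems

if __name__ == "__main__" and len(sys.argv) == 3:
    chain, key = (open(p).read() for p in sys.argv[1:3])
    print(check_upload(chain, key) or "chain order and key header look right")
```

Run it as a script with the chain file and the key file as the two arguments before pasting them into the appliance.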
Hi,
I am not sure what the issue was. But I redeployed the VM, re-created the certificate and imported it. Now the issue is gone.
Maybe it was the wrong certificate order?
Frank
Yes, that is quite possible. Glad it's all sorted now.