VMware Workspace ONE Community
JimKnopf99
Commander

FQDN issue after install certificate

Hi,

I have an issue that I am facing after installing my own certificate. SSO login on the website is possible.

But I get the following message.

vmidm.JPG

The certificate that I am using was built with an internal Microsoft CA. I used a SAN certificate with all needed names and IP addresses. Also, the Key Usage is the same as in the original certificate.

Did someone get the same issue after implementing a certificate?

Frank

If you find this information useful, please award points for "correct" or "helpful".

Accepted Solutions
pbjork
VMware Employee

The certificate chain should be:

VM Cert

Intermediate Cert

ROOT Cert

...all together.

Then, separately, you have your private key, which should start with -----BEGIN RSA PRIVATE KEY----- and not -----BEGIN PRIVATE KEY-----

9 Replies
pbjork
VMware Employee

The VMware Identity Manager appliance must be able to communicate with itself. What is your appliance name vs. FQDN? Are they different? If they are, you must have a reverse proxy so vIDM can do a port 443 round trip to itself.

Here's a blog post I wrote many versions back, but it is still relevant: https://blogs.vmware.com/horizontech/2014/10/troubleshoot-workspace-portal-setup-issues-changing-fqd...

JimKnopf99
Commander

Hi,

The FQDN for the appliance is the same as the FQDN in the certificate. We also did not use a load balancer in front of the Identity Manager.

I had that issue at the beginning. The configuration of the FQDN was showing only the NetBIOS name, not the FQDN. So I re-installed the appliance with the FQDN.

Also, the website is working as expected. DNS entries for forward and reverse are working also. I did not get the message "Error connecting workspace url".

Frank

pbjork
VMware Employee

So when you deployed the appliance, you specified the FQDN in the OVA settings?

JimKnopf99
Commander

Yes, that's right.

Frank

pbjork
VMware Employee

When you uploaded the cert, was it the whole chain? Since everything else sounds like you did it correctly, I suspect the certificate. Often people forget to upload the chain in the correct format.

JimKnopf99
Commander

I uploaded the chain. First the VM cert, root cert, sub cert.

After that, the private key.

The funny thing is that I did not have an issue with my cert itself. The browser, it doesn't matter which, is showing the correct one and it is working.

Are there certificate prerequisites? I didn't find anything about that in the documentation.

Frank

pbjork
VMware Employee

The certificate chain should be:

VM Cert

Intermediate Cert

ROOT Cert

...all together.

Then, separately, you have your private key, which should start with -----BEGIN RSA PRIVATE KEY----- and not -----BEGIN PRIVATE KEY-----

JimKnopf99
Commander

Hi,

I am not sure what the issue was. But I redeployed the VM, re-created the certificate and imported it. Now the issue is gone.

Maybe it was the wrong certificate order?

Frank

pbjork
VMware Employee

Yes, that is quite possible. Glad it's all sorted now.
