Re: Certificate issues with client

Toolbox123 · ‎05-16-2018

Hi,

Running Horizon Client 4.7 and I noticed that when I connect internally with it (I am on a desktop), I get the certificate error in the top left corner saying “the identity of this server was not verified”. Investigating a little more and everything (HTML and client) works fine from the outside (tried on notebook and smartphones). Inside HTML works fine and it seems only some clients are seeing issues with the certificate. I tried re-installing the client and no luck. I have logged in on another machine and everything is fine there. Any ideas why some desktops have this problem?

jrodsguitar · ‎05-18-2018

Honestly this doesn't sound like a horizon client issue. It sounds like a certificate issue.

If in the Horizon client on internal clients your server is vdi.cool.local make sure your certificate reflects this in the subject. If your external cert is vdi.cool.com then make sure the cert reflects that name in the subject. It should also be installed on external clients and signed by a legitimate cert provider (Verisign/GoDaddy/ICANN/etc.)

If you use the same cert for internal and external again, make sure the names of the servers are in the subject of the cert (UCC cert for mult-domain cert).

Blog: https://powershell.house/

Toolbox123 · ‎05-22-2018

Thanks for the reply.

I was thinking certificate as well, but some clients are fine, which would rule out the cert....Also, I have the servers in the subject of the cert.

I've also tried uninstalling and re-installing the client and no luck. I've logged onto another machine and it worked for me there. All machines are in the same OU in AD.

Any other thoughts?

jrodsguitar · ‎05-22-2018

Have you verified that all the correct certs are installed on all the machines?

Also have you verified that the Horizon client settings under "Configure SSL"?.

If possible I would also try to hit your VDI site in a web browser from a machine that is not working correctly to verify if the cert is installed correctly and the site is trusted from that machine.

Blog: https://powershell.house/

Toolbox123 · ‎05-29-2018

Hi,

Sorry for the slow response.

Verified that the certs are all correct.

The horizon clients are managed by group policy so everything is good there.

We are not using VDIs right now, only Apps, so I can't test that way.

I am not going to worry about it for now. Everything works fine except seeing that error. Thanks for the help.

BenFB · ‎06-01-2018

Please verify the SSL Configuration of the Horizon Client is set to the default of "Warn before connection to untrusted servers" or "Never connect to untrusted servers". If it's set to "Do not verify server identity certificates" you will see a cert failure even if there is a valid cert.

sjesse · ‎06-01-2018

Whats the certificate say the name is ? I'd check with your networking team, I remember something about our dhcp server or a security software where we had to whitelist the mac address, otherwise the host name wasn't the correct name. If this is the case instead of your horizon environments name being listed as the common name there was a different name.

sjesse · ‎06-01-2018

And I mean from the client having the problem, if you check the certificate from somewhere not having the problem, they will look good if its what I experienced.

Toolbox123 · ‎06-01-2018

Thanks all for you help on this one.

Funny enough I upgraded to a new OS and I no longer have the issue. I'm hoping this was a one off.

Cheers.

BenFB · ‎06-03-2018

This likely had to do with the SSL Configuration of the Horizon Client being set to "Do not verify server identity certificates". You will see a cert failure even if there is a valid cert. When you changed OS and did a new install of the Horizon Client it defaulted back to "Warn before connection to untrusted servers".