Hi all,
Does anybody know how to make a local CA root certificate trusted by the View Access Point (AP) appliance?
I am doing a new installation of Horizon View and replacing all self-signed certificates with CA-signed ones. Now I want to deploy the AP and point it to a load balancer for the View connection servers. The load balancer and the two connection servers are all using the same certificate. I entered this certificate's thumbprint during the AP OVF deploy and the AP services are starting. But I can't connect to View. In the log bundle, in esmanager.log, I see an error:
[nioEventLoopGroup-7-1] ERROR utils.SyslogManager: HORIZON_SERVICE:CONNECTION_BROKEN:unable to query Horizon Broker: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
I did some googling and found that "handshake_failure" often refers to an untrusted root certificate in the Java keystore. I can even locate the Java keystore used for the appliance services, but I can't import anything because it is password protected.
I have also tried entering the root certificate thumbprint during the OVF deploy, but the error is still in place. I previously did a deploy for a View installation with self-signed certs and everything worked fine (so it's probably not an installation\configuration error).
Any ideas? Suggestions? Maybe password for appliance keystore?
Thanks in advance,
Mihhail
OK,
My question, my answer.
The location of the trusted keystore in the EUC Access Point appliance is
/usr/java/jre-vmware/lib/security/cacerts
The keystore password is changeit
Use keytool -import -trustcacerts -alias alias -file <location of root .cer file> -keystore cacerts -storepass changeit to import the root certificate. The cert must be in X.509 format.
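
One way to script the import described in the answer above, as an added example that is not part of the original post: it checks the root certificate's SHA-256 fingerprint against a value obtained out of band, refuses to reuse an existing alias, and backs up the keystore before changing it. The function names, return codes and the assumption that this JRE's keytool prints a "SHA256:" line are illustrative; the keystore path and password are the ones given in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: guarded root-CA import into the JRE truststore.
KEYSTORE="${KEYSTORE:-/usr/java/jre-vmware/lib/security/cacerts}"  # path given in the thread
STOREPASS="${STOREPASS:-changeit}"                                  # password given in the thread

# Normalise a fingerprint for comparison: strip colons/spaces, upper-case hex.
norm_fp() { printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'; }

# Print the SHA-256 fingerprint keytool reports for a certificate file (empty on failure).
# Assumption: this JRE's keytool prints a "SHA256:" line.
cert_fp() {
  keytool -printcert -file "$1" 2>/dev/null |
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_root_ca <cert file> <alias> <expected SHA-256 fingerprint, obtained out of band>
# Returns: 0 imported, 2 bad arguments, 3 fingerprint mismatch or unreadable cert,
#          4 alias already in use, 5 backup failed, 6 import or verification failed.
import_root_ca() {
  ca_file=$1; ca_alias=$2; ca_expected=$3
  [ -r "$ca_file" ] && [ -n "$ca_alias" ] && [ -n "$ca_expected" ] || return 2

  # Trust anchor check: refuse anything whose fingerprint differs from the expected one.
  ca_actual=$(norm_fp "$(cert_fp "$ca_file")")
  [ -n "$ca_actual" ] && [ "$ca_actual" = "$(norm_fp "$ca_expected")" ] || return 3

  # Do not collide with, or silently shadow, an existing trust entry.
  if keytool -list -alias "$ca_alias" -keystore "$KEYSTORE" \
       -storepass "$STOREPASS" >/dev/null 2>&1; then
    return 4
  fi

  # Keep a timestamped copy so the change can be rolled back.
  cp -p "$KEYSTORE" "$KEYSTORE.bak.$(date +%Y%m%d%H%M%S)" || return 5

  keytool -import -trustcacerts -noprompt -alias "$ca_alias" -file "$ca_file" \
    -keystore "$KEYSTORE" -storepass "$STOREPASS" >/dev/null 2>&1 || return 6

  # Confirm the entry is now present in the truststore.
  keytool -list -alias "$ca_alias" -keystore "$KEYSTORE" \
    -storepass "$STOREPASS" >/dev/null 2>&1 || return 6
}

# Run only when called with three arguments, e.g.:
#   sh import-root-ca.sh /tmp/root.cer my-root-ca "AB:CD:..."
if [ "$#" -eq 3 ]; then import_root_ca "$@"; fi
```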