VMware Horizon Community
Nelsom
Contributor
Contributor
‎04-07-2013 10:31 AM

External certificate Security server, internal certificate connection server?

Hi,

I have two Security servers with NLB in a DMZ paired with two Connection servers in our internal network. What certifictes do we need with Horizon View 5.2? And what Subject Alternative Names (SANs) need to b epresent in the certificate request? Can we use internal CA for certificates for the connection servers? Our connection servers don't have internet access, can they validate the Security servers certificate and appear green in the View Admin?

We use vdi.company.com as the Load balanced address, SS01 and SS02 for the Security servers en CS01 and CS02 foro the connection servers. We do have a working View 4.6 PCoIP gateway setup an dlike to migrate to View 5.2. We ar enot allowed to use wildcards in the certificates.

Thanks,

Nelsom.

0 Kudos
1 Reply
DavoudTeimouri
Virtuoso
Virtuoso
‎04-08-2013 12:12 AM

Hi,

Your CA server should be published on Internet and this is a high risk but you can provide SSL certificate from trusted CA roots for example Comodo.

I have same issue with our security servers but same as us, you have firewall bettween your security server and connection server so you connection is secured but not encrypted.

If you issued a certificate from your CA, you should add "SecurityServerName.Company.Com" as name not your internal security server name and deliver that to users for install on their PCs. Also you can covert that to PEM file and add to your Thin Clients and Zero Clients.

Davoud.

-------------------------------------------------------------------------------------
Davoud Teimouri - https://www.teimouri.net - Twitter: @davoud_teimouri Facebook: https://www.facebook.com/teimouri.net/
0 Kudos