VMware Horizon Community
onallion
Contributor
Contributor

Horizon 7 - Wildcard SSL certificate error

Hey guys,

I am setting up a new Horizon 7 server. If I use a self-signed certificate from my CA it works fine, but I need to use a public one so people can connect externally.

I have a wildcard certificate from GoDaddy which works just fine everywhere (and on my old Horizon 6 server), but when I import it to this server (it's valid, with a key etc etc) and restart the services, I get the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH in my browser.

So, what's going on here? Did Horizon 7 introduce new requirements for certs which my current one perhaps does not fulfill?

Thanks

3 Replies
techguy129
Expert
Expert

Are you using a 2016 server? Does it work in Internet Explorer and not chrome/firefox? The problem revolves around while cipher suite the browser wants to use and the one offered by the server.

Two Suggestions:

You can try disabling HTTP/2 on the server by implementing these registry keys: Disable HTTP/2 Protocol on Windows 10 and Windows 2016 Desktops

If that doesn't work, I'd suggest trying Nartac Software - IIS Crypto and setting it to use the best practices

Reply
0 Kudos
EMMJunkie
Enthusiast
Enthusiast

onallion​ did you perhaps ever get this resolved?

I was also wondering if I could pick your brain around the wildcard certificate from GoDaddy?

Reply
0 Kudos
Shreyskar
VMware Employee
VMware Employee

Hi EMMJunkie

ERR_SSL_VERSION_OR_CIPHER_MISMATCH comes when private key is not set to 'exportable' .Please try to export the certificate from a windows certificate manager and verify you are getting the option 'Export the private key'. If not, it means cert doesn't have private key exportable.