VMware Horizon Community
edawg
Enthusiast

Horizon View 5.2 SSL Certificate Question

Hello-

Realize this is a pretty worn out subject but had a question I was hoping could be clarified.  I am running two internal 5.2 CB's and a third internal CB paired with a security server in the DMZ.  Right now all are running with self signed certificates.  I am getting ready to generate a CSR to get a certificate from GoDaddy.  If I only want to buy one certificate can I list the names of all the additional CB's and Security server under the (SAN) Subject Alternate Name?  I don't mind buying unique certificates for each system, if that is the right way to do it, just also don't want to waste money if I can leverage one certificate. 

Thank you in advance,

Erik

Accepted Solutions
DJLO
Enthusiast

We use wildcard certs here.  No problem.  Just make sure the entire chain is in the PFX and that the certificate is exportable.  View will import it someplace else (lord knows why) but it does.

4 Replies
mittim12
Immortal

I've used the SAN field on my internal connection brokers to specify local name as well as the load balanced URL.   I haven't run into any problems doing this. 

Lyghtnin
Enthusiast

Erik,

You can buy a wildcard certificate (although this might be too late) but I came across your post trying to find a similar answer. You can use *.company.com or *.corp.company.com - both work.

All you have to do is import the .pfx, make sure you check the 'Make the key exportable' during the import of the key, change the friendly name to vdm and the self-signed friendly name to something else, and restart the connection server service.

bjm534
Enthusiast

I agree with the other people who replied; wildcards are very popular. If you're using split DNS, where the URL for users to access View is the same on the outside and inside, then you only need one certificate for this. The certificate is validated against the URL name that you put into the connection server in the View admin console under Edit (on the server itself). It's possible to use the same URL to resolve with all the different connection servers. In fact, this is pretty normal behavior if you are using load balancers. This also brings up another point: make sure you add the certs to your load balancers. If you don't, you'll likely still get certificate warnings.

-Brad
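
Added example, not part of the original thread or any poster's reply: a Python check that lists which View endpoint names a candidate certificate's SAN entries would leave uncovered, comparing a multi-SAN certificate with the two wildcard forms mentioned above. All hostnames are constructed placeholders and the function names are hypothetical; matching follows the usual TLS rule that a wildcard stands for exactly one left-most label.

```python
"""Added example: does one certificate's SAN list cover every View endpoint?"""


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.company.com does not cover
    cb1.corp.company.com or company.com itself.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "cb*.company.com" are not honoured here.
    return "*" not in pattern and p_labels == h_labels


def uncovered(san_entries, required_hosts):
    """Return the required hostnames that no SAN entry covers."""
    return [h for h in required_hosts
            if not any(san_matches(s, h) for s in san_entries)]


# Constructed inventory (placeholder names): every name a client may connect to.
REQUIRED = [
    "view.company.com",        # load-balanced / external URL
    "cb1.corp.company.com",    # internal connection brokers
    "cb2.corp.company.com",
    "cb3.corp.company.com",    # broker paired with the security server
    "ss1.company.com",         # security server in the DMZ
]

# Candidate certificates, described only by their SAN entries.
CANDIDATES = {
    "multi-SAN": list(REQUIRED),
    "*.company.com": ["*.company.com"],
    "*.corp.company.com": ["*.corp.company.com"],
    "both wildcards": ["*.company.com", "*.corp.company.com"],
}


def report():
    """Map each candidate certificate to the names it leaves uncovered."""
    return {name: uncovered(sans, REQUIRED) for name, sans in CANDIDATES.items()}


if __name__ == "__main__":
    for name, missing in report().items():
        print(f"{name:22} uncovered: {missing or 'none'}")
```

Replace `REQUIRED` with the names your clients and load balancers actually use before drafting the CSR; any name reported as uncovered would still raise a certificate warning.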
