jedcrossley
Contributor

Horizon View Access Point Install

I am trying to set up a Horizon Access Point Server as part of a new v6 deployment. I am standing this up instead of the traditional Security Server.

I am not a scripter and this is getting complicated. Is there an easier way to do this? I am using VMware documentation as well as this blog: VMware Access Point | Carl Stalhood

I am trying to figure out how to get a wildcard cert on this appliance and am getting confused on the .pfx conversion and especially on pushing this using Postman. Has anyone done this successfully who can give me some pointers or let me bounce some questions off you?

0 Kudos
8 Replies
cstalhood3
Enthusiast

A .pfx must first be converted to PEM. You can do that using OpenSSL.

openssl pkcs12 -in wildcard.pfx -out wildcard.pem -nodes

0 Kudos
WindowsGuru
Contributor

I'm following the same guide but having an issue. I converted my wildcard, extracted the key and made it one line and provided the key under "privatekeypem".

I then took the certificate field from the mycert.pem and made that one line and put that under the "certchainpem". That uploads successfully but still fails to validate, so then I took the GoDaddy intermediate and root certs and added those in the order you specify. Those upload successfully and it still fails to validate. What am I doing wrong?

0 Kudos
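The conversion and "make it one line" steps from the two posts above, as an added example that is not from the thread or from VMware: it takes the PEM text written by the openssl pkcs12 command, drops the "Bag Attributes" lines, and builds the JSON body with newlines escaped. The camelCase field names privateKeyPem and certChainPem are an assumption (the post writes them in lowercase), and the sample input is constructed dummy data.

```python
import json
import re

# One PEM block; the backreference makes the BEGIN and END labels agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def build_cert_body(pem_text):
    """Return the one-line JSON body; json.dumps writes each newline as \\n."""
    keys, certs = [], []
    for label, raw in PEM_BLOCK.findall(pem_text):  # text outside blocks (Bag Attributes) is dropped
        if "ENCRYPTED" in label or "Proc-Type" in raw:
            raise ValueError("private key is still encrypted; re-run openssl with -nodes")
        b64 = "".join(raw.split())  # remove CR/LF and stray whitespace
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        block = "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])
        if label == "CERTIFICATE":
            certs.append(block)
        elif label.endswith("PRIVATE KEY"):
            keys.append(block)
    if len(keys) != 1 or not certs:
        raise ValueError(f"need 1 private key and >=1 certificate, found {len(keys)} and {len(certs)}")
    # File order is kept; confirm it is server cert, then intermediate(s), then root.
    # Field names are an assumption (camelCase); check the appliance's swagger.yaml.
    return json.dumps({"privateKeyPem": keys[0], "certChainPem": "".join(certs)})

# Constructed sample in the shape of `openssl pkcs12 -nodes` output; bodies are dummy data.
SAMPLE = """Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQta2V5
-----END PRIVATE KEY-----
Bag Attributes
subject=/CN=*.corp.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtbGVhZg==
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtaW50ZXJtZWRpYXRl
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print(build_cert_body(SAMPLE))
```

The printed string is a complete JSON document, so it can be pasted as the raw request body without hand-editing line breaks. The unencrypted key is in that string, so treat the output like the .pem file itself.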
cstalhood3
Enthusiast

What do you mean by "fails to validate"? Is the REST call not working? Or is it working but the cert on the appliance is not valid?

If the REST call is not working then you can check the logs on the appliance. The file admin.log might have some more detail.

Can you provide a screenshot of the JSON you are putting?

0 Kudos
WindowsGuru
Contributor

The REST call is working, but the cert is showing not valid on the device, which doesn't make sense. It's a valid wildcard cert.

0 Kudos
cstalhood3
Enthusiast

You can run openssl s_client -connect MyAccessPoint.corp.com:443 to verify the cert.

0 Kudos
WindowsGuru
Contributor

CONNECTED(00000003)

3493:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

0 Kudos
WindowsGuru
Contributor

OK, so if I go directly to https://appliance.corp.com it works. When I go to https://appliance.corp.com:9443/rest/swagger.yaml it does not validate. So it doesn't appear to apply to 9443.

0 Kudos
markbenson
VMware Employee

Access Point can now be installed using Windows PowerShell. It handles the SSL Server Certificate part as well and takes settings from a simple .INI file. It calls ovftool to do the actual deployment, but all the formatting and validation of the settings is handled automatically.

You may have solved the original problem, but hopefully this can simplify future deployments.

See Using PowerShell to Deploy VMware Access Point for details and to download the script.

Mark

0 Kudos