VMware Horizon Community
rellis123
Enthusiast
Enthusiast
‎02-27-2013 05:31 AM
Jump to solution

Installed root certificates on WYSE P20 clients


Hi
We are using WYSE P20 clients in a View 4.6 environment. We  are wanting to upgrade to the latest version of VIEW and as a  prerequisite, get root certificates working on the WYSE P20.

We  are using VIEW within our internal network space only, so the best  option for us is to install on to the P20s the root certificate  generated by our MS Windows Domain Controller.

We have exported  the certificated as both a DER- and/or Base64-encoded .CER file, renamed  that file with a .PEM extention and tried to re-apply the Policy to the  P20's, but cannot make this work.

The error message we are seeing is as follows:

02/23/2013, 13:17:18> LVL:1 RC:-501 X509_UTIL validate_pem_cert): Certificate length is not divisible by 4! [len = 1]
02/23/2013, 13:17:18> LVL:1 RC:-501 X509_UTIL tera_x509_util_is_valid): PEM certificate is invalid!
02/23/2013, 13:17:18> LVL:2 RC: 0 GSOAP :SOAP 1.2 fault: SOAP-ENV:Sender [no subcode]
02/23/2013, 13:17:18> LVL:2 RC: 0 GSOAP :"rootCertificate is invalid!" Detail: [no detail]
02/23/2013, 13:17:18> LVL:0 RC: 12 MGMT_CMI :Error serving SOAP request!

Unfortunately  this is a *major* issue for us because it is actively preventing us  from upgrading VIEW. If we cannot resolve the issue, we will have no  choice other than to dump the P20's altogether and find alternative  hardware.

Can anyone advise as to whether there is a working  solution for getting "self-signed" (i.e. non-Public) Root certificates  working on these devices?

0 Kudos
1 Solution

Accepted Solutions
mittim12
Immortal
Immortal
‎02-27-2013 05:37 AM
Jump to solution

I used openssl to convert my certificate.    here are some instructions I found when searching

Use the openssl command to convert between formats as follows:

    • To convert a certificate from PEM to DER:

  2. x509 -in input.crt -inform PEM –out output.crt -outform DER
  3. To convert a certificate from DER to PEM:
  4. x509 -in input.crt -inform DER -out output.crt -outform PEM
  5. To convert a key from PEM to DER:
  6. rsa -in input.key -inform PEM -out output.key -outform DER
  7. To convert a key from DER to PEM:
  8. rsa -in input.key -inform DER -out output.key -outform PEM

View solution in original post

0 Kudos
2 Replies
mittim12
Immortal
Immortal
‎02-27-2013 05:37 AM
Jump to solution

I used openssl to convert my certificate.    here are some instructions I found when searching

Use the openssl command to convert between formats as follows:

    • To convert a certificate from PEM to DER:

  2. x509 -in input.crt -inform PEM –out output.crt -outform DER
  3. To convert a certificate from DER to PEM:
  4. x509 -in input.crt -inform DER -out output.crt -outform PEM
  5. To convert a key from PEM to DER:
  6. rsa -in input.key -inform PEM -out output.key -outform DER
  7. To convert a key from DER to PEM:
  8. rsa -in input.key -inform DER -out output.key -outform PEM
0 Kudos
rellis123
Enthusiast
Enthusiast
‎02-27-2013 05:56 AM
Jump to solution

Thanks for the information.

I should have stated... I have tried conversions through OpenSSL already, as well as simply renaming the exported file from *.cer, to *.pem.

In desperation, I also tried exporting the root certificate with its private key, and converted that from a pfx to a pem with OpenSSL, but that didn't work either.

If anyone has any insight to what the specific error message means, or how I can construct my CA certificate in such a way that it will be accepted by the P20 as valid, that would be brilliant.

thanks

0 Kudos