VMware Horizon Community
EricinIT
Contributor
Contributor
‎07-30-2019 12:04 PM
Jump to solution

Invalid Certificate Warning in Android Horizon App

Hi,

I have a UAG 3.6 sitting in a DMZ in front of a Horizon 7.8 connection server. I have a valid wildcard certificate applied on the UAG from GoDaddy. The certificate shows valid on any device except for in the Android VMware Horizon app. This is an issue on all Android devices I have tried. It give the error "This certificate is not trusted". However, the certificate listed is the valid certificate. My only guess is there is an intermediate certificate that is not trusted on Android devices. However, when I had a Horizon Security server, the certificate was showing valid on Android devices.

Does anyone have any ideas why this might be an issue?

1 Solution

Accepted Solutions
Raywire
Contributor
Contributor
‎08-20-2019 09:08 AM
Jump to solution

Hi,

In case anyone is interested: we solved this by uploading the complete certificate chain to the UAG. We had to first convert all certificates in the chain to PEM-format (using OpenSSL), then opening all PEM-files and copying the contents of those separate PEM-files into one textfile, renaming the resulting file to .PEM and uploading it to the UAG. FInal step was to upload the private keyfile (also in PEM-format) to the UAG.

Regards,

Raymond

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

View solution in original post

3 Replies
Raywire
Contributor
Contributor
‎08-14-2019 10:09 PM
Jump to solution

Hi EricinIT,

We are experiencing exactly the same issue with UAG 3.6 and Horizon 7.9 (please note that your setup, UAG 3.6 and Horizon 7.8, is not a supported configuration). We also use a wildcard certificate from GoDaddy. On Windows clients and the IOS App, the certificate seems valid, on the Android App and Igel thin clients the same certificate seems invalid. The same certificate worked fine on any configurations before the migration to UAG. I have submitted a ticket about this issue with VMware and can keep you informed of their response.

KInd regards,

Raymond

Raywire
Contributor
Contributor
‎08-20-2019 09:08 AM
Jump to solution

Hi,

In case anyone is interested: we solved this by uploading the complete certificate chain to the UAG. We had to first convert all certificates in the chain to PEM-format (using OpenSSL), then opening all PEM-files and copying the contents of those separate PEM-files into one textfile, renaming the resulting file to .PEM and uploading it to the UAG. FInal step was to upload the private keyfile (also in PEM-format) to the UAG.

Regards,

Raymond

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

nesh7750
Contributor
Contributor
‎06-07-2021 11:38 PM
Jump to solution

You may see windows machines show the certificate as trusted due to the root and intermediate certificates from the famous cert providers are automatically installed into the local machine. During windows update, these certs are imported and that's why you may see it as trusted. In order to solve this issue, you may install the wildcard certificate into you local windows machine, and then export it back. But this time, make sure you tick on exporting all the certificate in its path. By doing this, you will have 3 certificates in 1 (wildcard,intermidiate and root). Use this cert and apply in UAG, you will not receive untrusted issues anymore in any device.

0 Kudos