I will try to explain my issue as well as I can.
I have upgraded my View Composer server from 5.2 to 6.2, and I would like to replace the default certificate with my own, generated by my internal CA (on our DC).
I created a request.inf from the template found here: VMware KB: Using Microsoft Certreq to generate signed SSL certificates in VMware Horizon View
And I replaced the CN, OU, O, etc. with my information. Here is the content:
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=View_Server_FQDN, OU=Organizational_Unit_Name, O=Organization_Name, L=City_Name, S=State_Name, C=Country_Name" ; replace attributes in this line using example below
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
FriendlyName = "vdm"
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

[RequestAttributes]
; SAN="dns=FQDN_you_require&dns=other_FQDN_you_require"
Then I generated the CSR with the following command: certreq -new request.inf certreq.txt
Then I generated the certificate with our CA in DER64.
In the MMC on the Composer server I imported the certificate. Everything went fine.
The last step is to replace the default certificate with the SviConfig command: SviConfig ReplaceCertificate
It is done. I restarted the Composer server and went to the dashboard to check the status, but I got a red flag on the Composer with the following message: server certificate does not match the url
I searched for this message on Google and the error appears to be in the "CN". I verified the syntax, and the name of the server (FQDN) is written correctly. I also saw that we can use a SAN (Subject Alternative Name).
But I still get the same error.
Does anyone have an idea about this?
Yes, the Composer is at 6.2 and the Connection Server at 5.2.
I will upgrade the Connection Server today.
I hope it will resolve all our issues. We are unable to modify the pool, and we are also unable to recompose or add new desktops in the linked-clone pool.
Installing on a new Server would not be a good idea.
I would say troubleshoot the Connection Server upgrade failure. %temp% would have the vminst_failed logs; please also attach the screenshot.
Apologies, that was getting auto-saved; please ignore the previous comment. Alright, now back to square one on the Composer certificates not working as expected. Please share the outcome of the step below.
If you use the sviconfig replace utility to revert to the default certs, does the certificate error go away?
Here are the steps that I followed:
- Stopping the VMware Composer service
- Using "sviconfig" => C:\Program Files (x86)\VMware\VMware View Composer> "SviConfig.exe -operation=replacecertificate -delete=false"
The output of this command showed me the 6 certificates which I found in the certificate store. I chose one of the old certificates by entering its number and got:
Unbind certificate from the port 18443 successfully.
Bind the new certificate to the port.
ReplaceCertificate operation completed successfully.
- Afterwards I restarted the View Composer service.
But I still see the error, and when I click "Verified", I get two new errors:
1) "Le nom de l'objet du certificat du serveur ne correspond pas à l'URL externe du serveur" => Translation: The object name of the server certificate does not match the external URL of the server.
2) "Le certificat de serveur n'est pas approuvé." => Translation: The certificate of the server is not approved.
The thing that bothers me is that I don't see the version of the View Composer in the pop-up for the certificate. I don't know if it is linked to my issue.
Have a look at this
Alright. You are using an internal CA. Can you have a rough walkthrough of this?
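
A read-only check for the two errors reported in the thread (name mismatch and untrusted certificate), added here as an example; it is not part of the original posts or of VMware's tooling. `$ExpectedFqdn` is a placeholder, and `Test-Certificate` assumes Windows Server 2012 or later with the PKI module.

```powershell
# Added example (not from the thread). Run elevated on the Composer server.
param(
    # Placeholder: the exact host name the Connection Server uses to reach Composer.
    [string]$ExpectedFqdn = 'composer.example.internal'
)

function Get-CertReport {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Fqdn
    )
    # Subject Alternative Name extension (OID 2.5.29.17); absent on CN-only certificates.
    $sanExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san    = if ($sanExt) { $sanExt.Format($false) } else { '(no SAN extension)' }

    # Trust: build the chain against the machine's root and intermediate stores.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($Cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # Name and usage: SSL policy check for $Fqdn, ignoring an untrusted root so
    # that a name mismatch is reported separately from a trust failure.
    $nameOk = [bool](Test-Certificate -Cert $Cert -Policy SSL -DNSName $Fqdn `
        -AllowUntrustedRoot -ErrorAction SilentlyContinue -WarningAction SilentlyContinue)

    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        FriendlyName  = $Cert.FriendlyName
        Subject       = $Cert.Subject
        SAN           = $san
        NotAfter      = $Cert.NotAfter
        HasPrivateKey = $Cert.HasPrivateKey
        NameMatches   = $nameOk
        ChainTrusted  = $trusted
        ChainStatus   = $status
    }
}

# Every certificate in the machine's Personal store, the list SviConfig offers.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-CertReport -Cert $_ -Fqdn $ExpectedFqdn } |
    Format-List

# Compare the thumbprints above with the certificate hash of the binding
# that SviConfig created on port 18443.
netsh http show sslcert
```

A certificate with `NameMatches = False` corresponds to the first error, and one with `ChainTrusted = False` to the second; the chain is evaluated on the machine where the script runs, so the CA root must also be trusted on the Connection Server that performs the check.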