Hello,
I will try to explain my issue as well as I can.
I have upgraded my server view composer from 5.2 to 6.2. And I would like to replace the default certificate by my own generate by my internal CA (on our DC).
I have created a requet.inf found here : VMware KB: Using Microsoft Certreq to generate signed SSL certificates in VMware Horizon View
And replace the CN, OU, O, etc by my information. Here the content :
;----------------- request.inf -----------------
[Version]
Signature= $Windows NT$
[NewRequest]
Subject = "CN=View_Server_FQDN, OU=Organizational_Unit_Name, O=Organization_Name, L=City_Name, S=State_Name, C=Country_Name" ; replace attributes in this line using example below
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
FriendlyName = vdm
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = Microsoft RSA SChannel Cryptographic Provider
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
[RequestAttributes]
; SAN= dns=FQDN_you_require&dns=other_FQDN_you_require
;-----------------------------------------------
After I generated the CSR with the following command : certreq -new request.inf certreq.txt
After I generated the certificate with our CA in DER64.
In the mmc on the server composer I import the certificate. Always go right.
And the last thing is to replace the default certificate with the SVI command : SviConfig ReplaceCertificate
It is done. I restart the Composer server go to the dashboard to see the flag. But I got a redflag on the Composer with the following message : server certificate does not match the url
I searched this message on Google and the error appear to be in the "CN", I verified the synthax and the name of the server (FQDN) are correctly write. I also see that we can use SAN (subject alternative Name).
But I always got the same error.
Someone have an idea about that ?
Best regards,
Apologies that was getting auto saved please ignore the previous comment.Alright now back to square on Composer certificates does not work as expected. Please share the outcome from below step
If you use sviconfig replace utility to revert to default certs does the certificate error go away ?
Can you attach the latest debug file from composer logs after a restart of the composer service
For information, I see in the log the following message :
Unable to retrieve at least one of the certificates.
Have a nice day.
That is the installation logs . Do you have installaiton issues. If not attach the latest file from C:\ProgramData\VMware\View Composer\Logs\
It is not getting replaced Still pointing to the old certificates
VMware View 5.2 Documentation Library
Run the command for replace certificates and try the correct thumbprint followed by a restart of the services
Here is the snippet
SimConfig.Operation.ReplaceCertificateOperation - Try to replace with the same certificate. Thumbprint: B3E3E72E213F6EC7420E579057F49CF4BFF77FC4
Do you still have this problem. I looks good. I can check again if you still have the problem
Yes the error is the same in the dashboard. "The server certificate does not match the URL".
Best regards,
Can you please attach a screenshot of the dashboard you can use snipping tool and Black out the first portion as well
In Configuration Edit VCenter and Composer Re-enter the password .
Take the log file from both connection server and Composer please
Hello,
I'm unable to re enter the password because I got the certificate erro who block the connection :
Le certificat configuré sur View Composer Server n'est pas valide, il bloque la communication avec ce serveur. Pour reprendre la communication, remplacez le certificat par un certificat valide signé par une autorité de certification. Vous pouvez également accepter l'empreinte numérique du certificat en cliquant sur Vérifier dans le tableau de bord de View Administrator.
Upgrade your connection server it is still at 5.2
Keep this Handy http://pubs.vmware.com/horizon-62-view/topic/com.vmware.ICbase/PDF/view-62-upgrades.pdf
Thank you for your feedback.
I will plan the upgrade for today.
The client will be able to reconnect with the view agent in 6.0 and 5.2 ?
Best regards,
That should not be a problem during upgrade.
Correct me IF I am wrong Composer is already at 6.2 and View is at 5.2?