VMware Horizon Community
Kbeste
Contributor
Contributor
‎04-24-2013 09:22 AM
Jump to solution

Load balancer with View 5.1

Hey all,

I've got a question about getting our load balancer up and running in our View 5.1 environment.  I've followed KB article 2020913 to get our view servers up and running with SSL certificates.  I'm in the process of getting our load balancer set up and I keep getting SSL certificate errors.  Here's a breif summary of our setup.  I've got two View connection servers (VCS1 and VCS2) with SSL certificates from our internal Certificate Authority.  Then there is our load balancer.  When you use the VMware View Client and go to the load balancer's address view.company.com, I get "The hose name in the certificate is invalid or does not match".  I click on "Show certificate" and it's showing the certificate from one of the two View connection servers.  Did I mess something up with the setup, or am I missing an obvious solution?  Any help would be appreciated.

Thanks,

-Kyle

0 Kudos
1 Solution

Accepted Solutions
markbenson
VMware Employee
VMware Employee
‎04-24-2013 10:27 AM
Jump to solution

Hi,

This is expected behaviour. With SSL, the certificate name is checked against the hostname specified by the client.

There are a couple of ways to deal with this. If you use certificates with a subject alternate name of your load balanced alias, it will all work.

e.g. if you have certs on each Connection Server (or Security Server) with names cs1.myco.com and cs2.myco.com but your View client users connect using a load balanced alias of view.myco.com then by ensuring each cert has a subject alternate name of view.myco.com then the hostname match check will work.

See kb.vmware.com/kb/2006751 for more info.

Mark

View solution in original post

0 Kudos
3 Replies
markbenson
VMware Employee
VMware Employee
‎04-24-2013 10:27 AM
Jump to solution

Hi,

This is expected behaviour. With SSL, the certificate name is checked against the hostname specified by the client.

There are a couple of ways to deal with this. If you use certificates with a subject alternate name of your load balanced alias, it will all work.

e.g. if you have certs on each Connection Server (or Security Server) with names cs1.myco.com and cs2.myco.com but your View client users connect using a load balanced alias of view.myco.com then by ensuring each cert has a subject alternate name of view.myco.com then the hostname match check will work.

See kb.vmware.com/kb/2006751 for more info.

Mark

0 Kudos
Kbeste
Contributor
Contributor
‎04-24-2013 12:21 PM
Jump to solution

Mark,

Worked like a charm.  Thanks for your assistance!

-Kyle

0 Kudos
markbenson
VMware Employee
VMware Employee
‎04-24-2013 01:32 PM
Jump to solution

Many thanks for posting back. I'm sure it'll help others too.

Mark

0 Kudos