Hey all,
I've got a question about getting our load balancer up and running in our View 5.1 environment. I've followed KB article 2020913 to get our view servers up and running with SSL certificates. I'm in the process of getting our load balancer set up and I keep getting SSL certificate errors. Here's a breif summary of our setup. I've got two View connection servers (VCS1 and VCS2) with SSL certificates from our internal Certificate Authority. Then there is our load balancer. When you use the VMware View Client and go to the load balancer's address view.company.com, I get "The hose name in the certificate is invalid or does not match". I click on "Show certificate" and it's showing the certificate from one of the two View connection servers. Did I mess something up with the setup, or am I missing an obvious solution? Any help would be appreciated.
Thanks,
-Kyle
Hi,
This is expected behaviour. With SSL, the certificate name is checked against the hostname specified by the client.
There are a couple of ways to deal with this. If you use certificates with a subject alternate name of your load balanced alias, it will all work.
e.g. if you have certs on each Connection Server (or Security Server) with names cs1.myco.com and cs2.myco.com but your View client users connect using a load balanced alias of view.myco.com then by ensuring each cert has a subject alternate name of view.myco.com then the hostname match check will work.
See kb.vmware.com/kb/2006751 for more info.
Mark
Hi,
This is expected behaviour. With SSL, the certificate name is checked against the hostname specified by the client.
There are a couple of ways to deal with this. If you use certificates with a subject alternate name of your load balanced alias, it will all work.
e.g. if you have certs on each Connection Server (or Security Server) with names cs1.myco.com and cs2.myco.com but your View client users connect using a load balanced alias of view.myco.com then by ensuring each cert has a subject alternate name of view.myco.com then the hostname match check will work.
See kb.vmware.com/kb/2006751 for more info.
Mark
Mark,
Worked like a charm. Thanks for your assistance!
-Kyle
Many thanks for posting back. I'm sure it'll help others too.
Mark