Hi,
I had to replace my VMware View certificate because the old one just expired. I went for RSA4096/SHA256 signed by WoSign for free. After installing the certificate I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome (other browsers don't work either).
Debug log shows:
[KeyVaultKeyStore] (NetHandler) Failed to get certificate chain for: "vdm"
I already imported the intermediate and root certificates. Also tried exporting the whole chain and reimporting the .pfx with no success. If I go back to the old certificate I can get an SSL handshake (but of course it is expired).
Environment:
Windows 2012R2
View 6.2
RSA4096
SHA256
WoSign CA and Intermediate
Thanks for any help
Terminatorthree
Update: According to the Java Cryptography Architecture Oracle Providers Documentation, SHA256 is not supported by SunJSSE, which is used as the SSL provider by VMware View. Can anybody confirm or disprove this?
Hello
I can't be sure because I have not implemented it yet, but according to this doc it seems that SHA256 is supported: https://pubs.vmware.com/horizon-62-view/topic/com.vmware.ICbase/PDF/view-62-security.pdf
It might be that the CA is not trusted; I could not find it in the trusted CAs on my laptop.
I wonder, does the /admin page work?
Hi,
The admin page does not work either. The webserver does not bind any SSL certificate to port 443 and that's why clients can't connect. Meanwhile I tested with a SHA1/RSA2048 cert from the same CA and it does not work either. So it seems VMware View or the JRE being used does not like the WoSign CA. On a Windows level this CA is trusted, and on all modern mobile devices as well.
Any idea how I can add trust to the CA for VMware View? I tried manually adding it to Trusted Roots in Windows but it tells me that it's already there. Is there any additional CA Keystore just for VMware View?
I ran into the same problem. During the certificate import I needed to check 'Mark this key as exportable. This will allow you to back up or transport your keys at a later time.'
I hope this helps someone in the future.
Only one cert on the server can have the friendly name "vdm". Did you remove this friendly name from the other cert?
My hero! I've been spinning my wheels with a SHA256 cert in a new View 7.0.2 installation and had not installed the cert as exportable at first. After removing and reinstalling it as exportable it's now working. Beers are on me.
-Brent
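
A check for the three conditions raised in the replies above (exactly one certificate with the friendly name "vdm", a private key marked exportable, and a chain that builds to a trusted root), as an added example that is not part of the original thread or any VMware tooling. It only reads the Windows LocalMachine\My store; that View evaluates the certificate by the same criteria is an assumption.

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell
# session on the View server. Reads the certificate store; changes nothing.
$friendlyName = 'vdm'   # friendly name quoted in the thread
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
           Where-Object { $_.FriendlyName -eq $friendlyName })

if ($certs.Count -ne 1) {
    Write-Warning "Found $($certs.Count) certificates named '$friendlyName'; exactly one is expected."
}

foreach ($cert in $certs) {
    # Exportability is recorded differently for CNG and legacy CSP keys.
    $exportable = $null
    if ($cert.HasPrivateKey) {
        try {
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($rsa -is [System.Security.Cryptography.RSACng]) {
                $exportable = $rsa.Key.ExportPolicy.HasFlag(
                    [System.Security.Cryptography.CngExportPolicies]::AllowExport)
            } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $exportable = $rsa.CspKeyContainerInfo.Exportable
            }
        } catch {
            Write-Warning "Cannot open private key for $($cert.Thumbprint): $($_.Exception.Message)"
        }
    }

    # Build the chain from the local stores. Revocation checking is skipped
    # (a choice made for this example) so that a missing intermediate or an
    # untrusted root is not masked by an unreachable CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        Signature     = $cert.SignatureAlgorithm.FriendlyName
        HasPrivateKey = $cert.HasPrivateKey
        Exportable    = $exportable
        ChainBuilds   = $chainOk
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        ChainLength   = $chain.ChainElements.Count
    }
}
```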