VMware Horizon Community
BenFB
Virtuoso

Replace self-signed certificate on UAG swagger interface

I've noticed that while deploying the UAG it will create a self-signed certificate and bind it to the REST/swagger UI. This happens regardless of whether a certificate is provided during deployment. I'm doing a two-NIC deployment. The self-signed certificate will have the issuer and subject fields contain "OU = self-signed". The issued to, issued by and subject fields will have a "CN = ip address/DNS" of the external NIC.

We are not allowed to have any self-signed certificates in our environment and are in need of a way to replace this certificate.

pchapman
Hot Shot

Are you using the recommended method of deployment - the PowerShell script?  I have used this tool for over a year now and it always utilizes the certificate I specify.

Here is the link: Using PowerShell to Deploy VMware Unified Access Gateway

BenFB
Virtuoso

I am; that only binds a certificate to the external interface and that is working correctly. The certificate that I'm referring to is for the swagger/admin UI. You can see this by pointing a browser to https://<mycoUnifiedGatewayAppliance>.com:9443/admin/index.html and looking at the certificate that is presented.

markbenson
VMware Employee

Currently (with UAG 3.0) there is no support for setting a custom certificate for the 9443 REST-API/Admin UI. The certificate specified is only applied to TLS 443. It is likely we'll add support for the certificate for the 9443 admin interface in a future version.

BTW, the admin UI is not Swagger. Swagger is not supported.

Mark

BenFB
Virtuoso

markbenson

Thank you for checking. I was really hoping there might be a manual way to replace that cert as a workaround. Let me know when you need someone to test it.

Sorry for the confusion on the admin UI. I swear at one time I saw it referred to as swagger but can no longer find that. I do see that the documentation references this URL https://access-point-appliance.example.com:9443/rest/swagger.yaml a lot.

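Added example, not part of the thread and not VMware code: a standard-library Python audit for the condition discussed above, which reads the certificate a port presents (9443 by default) and reports whether issuer and subject are identical and whether either carries "OU = self-signed". All function names are hypothetical, the sample certificate is a constructed unsigned skeleton, and the check compares names only without verifying the signature.

```python
import ssl

OID_OU = b"\x55\x04\x0b"  # 2.5.4.11, organizationalUnitName

def children(buf):
    """Yield (tag, value) for each DER element laid end to end in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def issuer_and_subject(cert_der):
    """Return the issuer and subject Names (DER contents) of an X.509 certificate."""
    _, cert_body = next(children(cert_der))   # Certificate
    _, tbs_body = next(children(cert_body))   # TBSCertificate
    fields = [value for tag, value in children(tbs_body) if tag != 0xA0]  # skip [0] version
    return fields[2], fields[4]  # order: serial, sigAlg, issuer, validity, subject

def ou_values(name):
    """Return the OU attribute values found in a Name."""
    found = []
    for _, rdn in children(name):        # RelativeDistinguishedName (SET)
        for _, atv in children(rdn):     # AttributeTypeAndValue (SEQUENCE)
            (_, oid), (_, value) = list(children(atv))[:2]
            if oid == OID_OU:
                found.append(value.decode("utf-8", "replace"))
    return found

def audit(cert_der):
    issuer, subject = issuer_and_subject(cert_der)
    return {"issuer_equals_subject": issuer == subject,
            "ou_self_signed": "self-signed" in ou_values(issuer) + ou_values(subject)}

def fetch_der(host, port=9443):
    # get_server_certificate() does not validate the chain, so any certificate is returned
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def _enc(tag, *parts):  # DER-encode with a short-form length (sample stays under 128 bytes)
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def sample_cert(issuer_ou, subject_ou):
    """Constructed, unsigned certificate skeleton used as offline sample input."""
    name = lambda ou: _enc(0x30, _enc(0x31, _enc(0x30, _enc(0x06, OID_OU), _enc(0x0C, ou.encode()))))
    return _enc(0x30, _enc(0x30, b"\xa0\x03\x02\x01\x02", b"\x02\x01\x01", b"\x30\x00",
                           name(issuer_ou), b"\x30\x00", name(subject_ou), b"\x30\x00"))
```

Running `audit(fetch_der(host))` against port 9443 and again with `port=443` shows whether the two listeners present different certificates.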