VMware Horizon Community
tbone111
Contributor
Contributor
‎11-29-2012 09:54 PM

SSL Certificate Error

I have a View 5.1 environment.  I bought an SSL certificate with the name of "view.DomainName.com".  I installed this on my security server and everything works perfectly there.  However, I also have two internal Connection servers that are sitting behing an IP load balancer.  Internally these are also access by the "view.DomainName.com" DNS name.  I installed the certificate on these servers as well and everything works perfectly from the user's perspective.  They get a nice green "https" when connecting.  However, from the View Manager console these servers show up as "red" with the reason being that the certificate name (view.DomainName.com) is different than the server name (connectionserver.domainname.com).

1) Is there any way to clear this "red" warning?

2) If not, is there any better way to do this?

0 Kudos
4 Replies
npeter
Expert
Expert
‎12-03-2012 09:59 AM

Hi tbone111,

Try setting external URL of connction brokers to the same DNS name as in certificate. This may create problem if tunneling is enabled in these connection servers.

I believe the recomended way of placing loadbalacer is in front of security servers.

-noble

-nObLe
0 Kudos
tbone111
Contributor
Contributor
‎12-03-2012 02:52 PM

The external connection servers aren't the problem.  Their certificate and DNS name matches.  The problem is with the internal connection servers.  I also want them to use the "view.domainname.com" certificate with them but View Manager displays an error on those server because the certificate name doesn't match those server's DNS name.  As I said, for the users this is no problem at all but I would like for View Manager to not display these servers as "red" when this really shoudln't be a problem.

0 Kudos
npeter
Expert
Expert
‎12-03-2012 10:26 PM

You can change the External URL of broker (not Security Server ) to match DNS name in certificate. This will remove the "URL does not match" error and 'red' error, but you will end up with more client connection related issues.

The right way to solve your problem is to use wildcard certificates.

Refer http://kb.vmware.com/kb/2006751

-noble

-nObLe
0 Kudos
mittim12
Immortal
Immortal
‎12-04-2012 07:26 AM

In addition to wildcard certs a Subject Alternate Name cert will work too.  

0 Kudos