VMware Horizon Community
vmmaj
Enthusiast
Enthusiast
‎08-27-2020 08:07 AM

Tenable scan - Untrusted Certificates on vmware view destkops.

Our Company uses Tenable to scan desktop\servers for security flaws. One security issue that it finds on all of the VMware View desktops is an unTrusted Certificates

Details from Tenable -

The following certificate was found at the top of the certificate

chain sent by the remote host, but is self-signed and was not

found in the list of known certificate authorities :

|-Subject : CN=nameofdesktop.domain.com - actual desktop name\domain removed... you know - security : )

. The certificate is located at [Console Root\Certificates (Local Computer)\VMwareView\Certificates\nameofdesktop.domain.com] and [Console Root\Certificates (Local Computer)\Remote Desktop\Certificates\nameofdesktop.domain.com]

Does anyone know what the certificate is used for ( I assume remote connections)? Is it generated during a recompose or desktop creation? Most importantly - How do i get certs to be trusted?

Thank you.

M.

0 Kudos
2 Replies
vmmaj
Enthusiast
Enthusiast
‎09-10-2020 05:27 AM

CERT ISSUE VDI DEsktops.jpg

0 Kudos
vmmaj
Enthusiast
Enthusiast
‎09-10-2020 05:29 AM

The tenable issue i am still fighting is below. I am trying to work with vmware but this isn't a high priority issue as the system works fine and there is no down time but i need to get it cleared up none the less. Anyone have any experience with getting the x.509 cert trusted on VDI linked clones.

Also, this cert is automatically regenerated at boot up if it is removed from the cert store.

Thanks.

0 Kudos