VMware Horizon Community
jo_strasser
Enthusiast
Enthusiast
‎05-24-2012 03:05 PM

VMware View 5.1 - Certificate Request with Multi - Common Names

Hi Community,

I have 5 internal Connection Servers and 2 Security Gateways in our production environment.

Now, after the View 5.1 Upgrade, are my Security Servers "red marked" in View Administrator.

To solve this, I need to generate a certificate with two common names (CN).

One for a secure internal connection (between security and connection) and one for public users to connect.

I want build a CSR file (certificate request) that I can let authorize.

How can I build this?

In the CN fields I must define:

A) the internal servername in FQDN

B) the external servername (in the Internet) as example: view.company.com

Does it give a white paper how I can generate this CSR?

Be careful if you plan to upgrade to 5.1.

There are many security improvements in 5.1.

This can be a show stopper, if you don't review your official certs!

To solve issues, VMware Professional Services assists me.

But at this point, I can't find a solution.

Thanks, Jo



Johannes Strasser / SDDC Architect @ Porsche Informatik GmbH
Twitter: @jo_strasser
Reply
0 Kudos
10 Replies
rseabrooke
Enthusiast
Enthusiast
‎05-25-2012 08:31 AM

I am stuck and have some of the same questions. I use Network solutions to generate a signed certificate. I am asked the question what type software example Microsoft IIS 5.X and later. Then I am asked to enter the CSR from the Web Host. I am wondering do I need to install a CA in my domain and have it generate a CSR? I have read through several documentations but I could not find any of the info either.

Reply
0 Kudos
TomasFojta
VMware Employee
VMware Employee
‎05-27-2012 11:38 AM

Jo, I have described the process here: http://fojta.wordpress.com/2012/05/27/vmware-view-5-1-and-ssl-certificate-replacement/

Tomas

Reply
0 Kudos
jo_strasser
Enthusiast
Enthusiast
‎05-31-2012 02:06 PM

Hi!

Your description is for Connection Servers.

My problem are on Security Servers.

At the moment, I have a SR opened at VMware.

VMware doesn´t find a quick solution for this situation.

At the moment it looks like a global problem of View 5.1.

I will you keep informed.

Thanks, Jo!



Johannes Strasser / SDDC Architect @ Porsche Informatik GmbH
Twitter: @jo_strasser
Reply
0 Kudos
gmtx
Hot Shot
Hot Shot
‎05-31-2012 03:34 PM

Have you tried using a SAN cert? I'm using SAN (Unified Communications) certs from DigiCert for all my servers (connection, security, vc, hosts, etc.) and what's effectively a single cert with multiple SANs works fine - Teradici 4.0 firmware issue aside.

Geoff

Reply
0 Kudos
jo_strasser
Enthusiast
Enthusiast
‎08-18-2012 04:39 AM

Hi, I´ve done it with OpenSSL.

All works fine now...

Thanks, Jo!



Johannes Strasser / SDDC Architect @ Porsche Informatik GmbH
Twitter: @jo_strasser
Reply
0 Kudos
smithjr
Contributor
Contributor
‎11-27-2012 09:29 AM

Hi all. Any update?. I need to configure ssl certificates fot both...connections servers for LAN and security server for external access.

Thanks

Reply
0 Kudos
jo_strasser
Enthusiast
Enthusiast
‎11-27-2012 10:54 PM

You can request a certificate from an internal key infrastructure (if you have).

Otherwise you must generate an CSR-file and send it to an certificate authority.

Then you get a valid cert back and you can import it (don´t forget to import the root and intermediate certs also on the servers).

For some detailed informations follow my blog posts:

http://vmpro.at/2012/06/02/vmware-view-5-1-and-ssl-certificate-replacement/

http://vmpro.at/2012/06/22/vmware-view-5-1-security-server-server%c2%b4s-certificate-cannot-be-check...

cu Jo!



Johannes Strasser / SDDC Architect @ Porsche Informatik GmbH
Twitter: @jo_strasser
Reply
0 Kudos
EAleshkov
Contributor
Contributor
‎12-17-2012 11:36 PM

Hello all,

I also had the problem with ssl on view 5.1

Found today kb2020913

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=202091...

Take a look at Note: Ensure you choose the Windows Server 2003 certificate template option. Do NOT choose Windows Server 2008.

After using old template it really work!

I`m in perplexity, why vmware made this strange changes with ssl.

Reply
0 Kudos
smithjr
Contributor
Contributor
‎12-19-2012 06:31 PM

Hi all, what are the required steps to only replace the security server certificate with a verisign cert?. Is it possible to only replace the security server certificate and use the default certs for the connection servers.?

Thanks a lot

Reply
0 Kudos
memaad
Virtuoso
Virtuoso
‎12-19-2012 07:07 PM

Hi,

Here are two doc which will help you to import certificate in VMware view

http://www.vmware.com/files/pdf/techpaper/vmware-view-secure-communication-channels-ssl-certificates...

http://pubs.vmware.com/view-51/topic/com.vmware.ICbase/PDF/view-51-obtaining-certificates.pdf

>> VMware recommend to have  certificate issue by common authority across all the view component. However I have seen CA signed certificate installed only for security server and working fine.

Regards

Mohammed

Mohammed | Mark it as helpful or correct if my suggestion is useful.
Reply
0 Kudos