I have the certificate imported and they have a friendly name of vdm as per page 75 in the Horizon-view-52-installation.pdf file.
I have the intermediate certificates also imported and all services have been restarted but the servers still display red. I can't figure out what needs to be done to get these 2 servers to turn green. Any help would be appreciated.
If you click on the server that is red in the System Health area of the dashboard what kind of message is displayed?
For the Security Server it shows the version and just that the SSL Certificate is Invalid. Also Im trying to use a wildcard certificate but im thinking im going to switch it to another certificate.
If you visit the URL of these servers do the certificates show as trusted?
It displays the wildcard certificate but it still reports as red from the dashboard. If i go to the page for the machine it complains that its not trusted. I even disabled the certificate verification.
Try using a Subject Alternative Name certificate instead of a Wildcard also check if you have the root certificate installed.
I'm getting one setup right now with subject alternate names and I also verified i had the correct root certificates
Connection server is set after the new certificate but the new problem is that i see Unknown for Security Servers.
It sure would be nice for VMWare to allow a support case for evaluation software as my company is planning on purchasing the software it depends on how the trial goes.
I still have a security server that shows Red and Unknown. Can anyone provide any help? Im using a Wildcard SSL certificate and i even purchased on from Godaddy that included the view server and the security server names. I appreciate any light someone can shed.
Have you try setting the revocation checking at the registry?
Revocation Checking
VMware View 5.1 supports revocation checking of SSL certificates. This can be configured in the registry or by
setting GPO policy.
To configure revocation check types, edit the following registry settings or set a GPO policy on the Connection
Servers:
Add a string type registry key CertificateRevocationCheckType to Software\Policies\VMware, inc.\VMware
VDM\Security.
The following revocation check types are supported by VMware View 5.1.
• None – Set CertificateRevocationCheckType = 1. No revocation checking is done if this option is set.
• EndCertificateOnly – Set CertificateRevocationCheckType = 2. Revocation checking is done only for the end
certificate in the chain.
• WholeChain – Set CertificateRevocationCheckType = 3. A complete path is built for the certificate, and a
revocation check is done for all certificates in the path.
• WholeChainButRoot – Set CertificateRevocationCheckType = 4. A complete path is built for the certificate,
and a revocation check is done for all certificates in the path except forthe Root CA certificate (default value).
Note: As per RFC 4158, the options EndCertificateOnly = 2, WholeChain = 3, and WholeChainButRoot = 4 yield
the same revocation check results.
Other Revocation Check Settings
Additionalrevocation check setting supported by VMware View 5.1 include:
Software\Policies\VMware, inc.\VMware VDM\Security\ CertificateRevocationCheckCacheOnly.
“False”(default) – Disable caching revocation responses.
“True” – Enable caching revocation responses.
Software\Policies\VMware, inc.\VMware VDM\Security\ CertificateRevocationCheckTimeOut.
Cumulative timeout across allrevocation check intervals in milliseconds. If not set, default is set to ‘0’, which
means Microsoft defaults are used.
Please visit Microsoft-TechNet for detailed information on Certificate Status Checking.