VMware Horizon Community
Otip
Contributor
Contributor
‎05-22-2014 01:08 AM

certificate process for Horizon 5.3

Hi all,

I am trying to get rid of the certificate implementation on view 5.3 and I really get very confused with all the different informations I receive.

I have 3 servers. 1 connection, 1 security and 1 composer.

I have created an dns HOST (A) for view-int.my.domain that is redirecting to the security server.

I have been able to make it all work internally. now I try to give external access and I really get lost.

I have created an internal certificate for test purpose for the URL view-int.my.domain and friendly name vdm. I then imported this certificate on my security and connection servers and restarted the services.

Am I right doing this ? When I open my administration console I see the CS and SS red with message "Server's certificate does not match the URL."

Then I am lost. Do I need and alias? do I need my certificate on my two servers ?

Thanks for your help.

Otip

PS : imagine I finally make it work. How will connect my internal users, through the CS ?

0 Kudos
3 Replies
dvhorvath
Enthusiast
Enthusiast
‎05-22-2014 06:23 AM

If I'm understanding your question correctly, I think you should look at the External URL field in the settings for your Security Server and your Connection Server. If you'd like to use the same certificate for both servers, then both of them should use an identical External URL. In your case, that would be view-int.my.domain. Then, you'd have an A record internal DNS entry for view-int.my.domain that points to the internal IP address of your Connection Server, and an A record external DNS entry that points to the public IP address of your Security Server. The only other thing to be sure of is that the private key is included with the certificate on both your Security Server and your Connection Server. I hope that helps get you started on the right path. Please let me know if this answer is way off base, and I just don't understand the question.

0 Kudos
Otip
Contributor
Contributor
‎05-22-2014 08:02 AM

Hello dvhorvath,

I think you got me right, and I thank you for your answer.

Although one thing is still not clear. Let say I install my certificate for view-int.my.domain.

This URL does not correspond with my real servers' URL (CS1.my.domain and SS.my.domain).

Therefor in the dashboad of the admin console I will have a red alert "Server name does not match the URL. Certificate not in use" (sorry I don't have the exact message in front of me) for both servers.

Is it going to work anyway? or do I need to add my servers' real names to the alternative name of my certificate to make it work ?

Thanks a lot for taking the time to answer my questions. I really appreciate. (certificates often give me a headache, especially with this Horizon view...)

Otip

0 Kudos
dvhorvath
Enthusiast
Enthusiast
‎05-22-2014 08:09 AM

Glad to get you pointed in the right direction. As long as the FQDN that’s used to connect to the server is the same as the FQDN of the certificate, they’ll match up and you’ll be all set. In the case of View, that’s governed by the External URL field, so once that’s been changed and the certificate is in place, things should start to go green for you. You might need to restart the services on your Security and Connection server again after changing that setting, but you shouldn’t have to.

0 Kudos