ekrejci
Enthusiast
Enthusiast

Applying an SSL Certificate from a Private Certificate Authority generate and error

Hello,

I’m trying to set a SSL cert generated from our internal CA.

I went through the installation documentation at the Applying an SSL Certificate from a Private Certificate Authority chapter (page 72 of http://pubs.vmware.com/horizon-workspace-10/topic/com.vmware.ICbase/PDF/horizon_workspace_10_install...)

When I add the certificate in PEM format, afterwards, and when I log back to the admin web interface, I can see that the new certificate has been applied. But when I want to login, the following error appears:

Error

Request failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I must set back the certificate to generated one to being able to make it work again.

If you have any suggestion, I’m more than welcome because this point is quite blocking to push the infrastructure into pre-production.

Many thanks

Eric

Tags (3)
0 Kudos
25 Replies
ekrejci
Enthusiast
Enthusiast

A small update:

not only the virtual users are not accessible, but also the COS of the Data service.

it seems that the communication to the data-va is not working well.

Eric

0 Kudos
Schoppert
VMware Employee
VMware Employee

On the data vm, can you try running this :

/opt/zimbra/bin/zmcertmgr addcacert /etc/ssl/certs/horizon_private_ca.pem

the restarting the processes.

0 Kudos
ekrejci
Enthusiast
Enthusiast

Hi Schoppert,

the  /opt/zimbra/bin/zmcertmgr addcacert /etc/ssl/certs/horizon_private_ca.pem did not worked, I eve tried to restart the whole infra with the same result:

COS: Unable to get class of service.

Virtual User: Failed to get list of virtual users

I'm going to try to roll back to a self-signed cert on the gateway to see if the communication with the data works again.

Eric

0 Kudos
ctronco
Contributor
Contributor

After looking at the Horizon instructions for adding a cert from a major cert authority, I tried applying the certificate i created to both  the gateway/configurator and the connector VM. I've got a quick and dirty writeup on my blog (http://cars.lostroncos.org/2013/03/16/adding-ms-signed-certs-to-horizon-workspace/) that might be helpful for some folks... I've managed to repeat this process multiple times so I have some level of confidence it works...

0 Kudos
ekrejci
Enthusiast
Enthusiast

did you try to check the Virtual Users and the COS of the data service?

in my install, everything works except these 2.

Eric

0 Kudos
ctronco
Contributor
Contributor

Not sure what errors you were seeing, but I am able to create/apply new COS and share things with new virtual users.

0 Kudos