VMware Workspace ONE Community
dhenderson00
Contributor
Contributor
‎04-05-2013 02:31 PM

How Do I export SSL certificate and setup on Horizon Workspace

I've read through several of the SSL documents on how to setup a SSL cert for workspace.  Has anyone successfully exported a wildcard cert with private key into workspace.  I have View running with a wildcard cert.  I have exported this cert for EVERYTHING and reused it.  Any advice?

0 Kudos
11 Replies
eucluke
Contributor
Contributor
‎04-17-2013 08:00 PM

I have the same issue, fairly lost on how to import my public certificate into workspace. I have a public certificate with a SAN name for my horizon install, bu how do I get Workspace to use it?

0 Kudos
pbjork
VMware Employee
VMware Employee
‎04-17-2013 11:07 PM

Many times you must import the whole certificate chain and your private key must be in a format starting with -----BEGIN RSA PRIVATE KEY.

You create your cert chain simply by paste cert - intermediate - root into the field. Looking something like this;

-----BEGIN CERTIFICATE-----
DSERQ2....... <certificate>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
WDRWEA....... <intermediate>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
WFFEEWEA....... <ROOT cert>
-----END CERTIFICATE-----

Please don't use Internet Explorer when doing this operation. IE is famous for corrupting the cert.

0 Kudos
eucluke
Contributor
Contributor
‎04-18-2013 02:01 AM

Yup that's what I tried but got an error saying that my private key did not match the cert. So I generated a new CSR key on the configurator-va, re-keyed my public cert but got the same error message. Really strange, any ideas?

0 Kudos
pbjork
VMware Employee
VMware Employee
‎04-18-2013 01:21 PM

Are you using an internal CA or is your certificate publicly signed? If publicly signed by which CA?

0 Kudos
eucluke
Contributor
Contributor
‎04-18-2013 02:05 PM

Public CA by DigiCert, my view connection and security servers all use certificates from them too.

0 Kudos
pbjork
VMware Employee
VMware Employee
‎04-18-2013 02:09 PM

Yes, that one shouldn't be a problem. And you are not using Internet Explorer to paste the certs, right?

Might be worth filing a support ticket so we can have a look at it.

0 Kudos
eucluke
Contributor
Contributor
‎04-18-2013 02:13 PM

I just copy and paste the text of the certs directly from the DigiCert website into the Horizon Configurator --> SSL Certificate page. The fact I generated the Private Key csr directly from the configurator console I just can't see why this woulden't be a match.

0 Kudos
eucluke
Contributor
Contributor
‎04-18-2013 03:24 PM

Ok so yup I feel dumb, I was pasting in my csr file not the private key file, now it matches. Do you know how long it takes to start accepting the certificate and replicate it to the gateway-va?

0 Kudos
sravuri
VMware Employee
VMware Employee
‎04-18-2013 08:15 PM

The cert should be copied to the gateway almost immediately. Do you still see the cert warning in browser when you use workspace?

0 Kudos
eucluke
Contributor
Contributor
‎04-18-2013 08:33 PM

So when I connect to my FQDN  it's all good, no certificate issues and my DigiCert is there. If I directly connect to my connector-va for example it still shows the self signed, which I don't mind to much I just thought the SSL Cert was pushed to the connector-va too.

0 Kudos
sravuri
VMware Employee
VMware Employee
‎04-18-2013 09:30 PM

The SSL cert is pushed only to the gateway, as sometimes the certs are hostname specific as well.

If you would like to not see the cert errors when you directly connect to the connector, please go to https://<connector va>/hc/admin/

Click on SSL Cert and paste the cert there as well.

0 Kudos