I've read through several of the SSL documents on how to setup a SSL cert for workspace. Has anyone successfully exported a wildcard cert with private key into workspace. I have View running with a wildcard cert. I have exported this cert for EVERYTHING and reused it. Any advice?
I have the same issue, fairly lost on how to import my public certificate into workspace. I have a public certificate with a SAN name for my horizon install, bu how do I get Workspace to use it?
Many times you must import the whole certificate chain and your private key must be in a format starting with -----BEGIN RSA PRIVATE KEY.
You create your cert chain simply by paste cert - intermediate - root into the field. Looking something like this;
-----BEGIN CERTIFICATE-----
DSERQ2....... <certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
WDRWEA....... <intermediate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
WFFEEWEA....... <ROOT cert>
-----END CERTIFICATE-----
Please don't use Internet Explorer when doing this operation. IE is famous for corrupting the cert.
Yup that's what I tried but got an error saying that my private key did not match the cert. So I generated a new CSR key on the configurator-va, re-keyed my public cert but got the same error message. Really strange, any ideas?
Are you using an internal CA or is your certificate publicly signed? If publicly signed by which CA?
Public CA by DigiCert, my view connection and security servers all use certificates from them too.
Yes, that one shouldn't be a problem. And you are not using Internet Explorer to paste the certs, right?
Might be worth filing a support ticket so we can have a look at it.
I just copy and paste the text of the certs directly from the DigiCert website into the Horizon Configurator --> SSL Certificate page. The fact I generated the Private Key csr directly from the configurator console I just can't see why this woulden't be a match.
Ok so yup I feel dumb, I was pasting in my csr file not the private key file, now it matches. Do you know how long it takes to start accepting the certificate and replicate it to the gateway-va?
The cert should be copied to the gateway almost immediately. Do you still see the cert warning in browser when you use workspace?
So when I connect to my FQDN it's all good, no certificate issues and my DigiCert is there. If I directly connect to my connector-va for example it still shows the self signed, which I don't mind to much I just thought the SSL Cert was pushed to the connector-va too.
The SSL cert is pushed only to the gateway, as sometimes the certs are hostname specific as well.
If you would like to not see the cert errors when you directly connect to the connector, please go to https://<connector va>/hc/admin/
Click on SSL Cert and paste the cert there as well.