VMware Workspace ONE Community
JimMalandruccol
Contributor

Tunnel SSL Certificate Renewal

Hey all, we have run into a snag renewing our Third-Party Proxy and Per-App SSL certificates. When attempting to upload we get an error 'Please upload a valid certificate chain.' However, the chain does appear to be valid, as it has been uploaded for profile signing and IIS for AWCM with no issues. We are working to get the pfx file recreated to try again, but if we cannot get it figured out, is there any downside to not using a third-party certificate and using the default AirWatch cert? We are using Proxy for Browser/Web access and Per-App VPN with only a few third-party apps.
This is an on-prem console version 9.2.3 with a single VMware Tunnel in Basic configuration.

Thanks.
11 Replies
PatrickKoza
Contributor

I have the same problem.
Can someone help?
snochico1
Enthusiast

I assume you are running the tunnel install on Linux? From what I remember, we had to load the root and the intermediate certificates into the Java keystore. I will try and look at my notes when I get into the office.
PatrickKoza
Contributor

No, on Windows, over the web interface.
When I upload the cert, I get the error 'invalid certificate chain'.
LukeDC
Expert

I recommend this tool to help repair certs etc. Believe it works for all certs, not just DigiCert:

https://www.digicert.com/util/
LukeDC
Expert

Also, you need to upload a .p12 cert to WS1; they don't accept pfx certs.
PatrickKoza
Contributor

Really? The AirWatch Console says: .p12 or .pfx :disappointed_face:
So, I will try a .p12.
PatrickKoza
Contributor

Same problem: 'Invalid cert chain'
NileshKadamNile
Contributor

I have the same problem.
Can someone help?
NileshKadamNile
Contributor

Error: 'Please upload a valid certificate chain.'
Stansfield
Enthusiast

Did you include the full chain entirely in the cert? IIS will accept intermediate certs elsewhere, and AWCM will work (although it is questionably wise) without the full cert chain. Also, I do not know of any downsides to using the AirWatch certs; nothing not configured by the system connects to it (or is desired to connect), so trust by other systems is irrelevant.
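
One way to answer the question raised in the reply above, whether the .p12/.pfx file itself carries the full chain, as an added example that is not part of the thread: it uses the openssl command line to verify the leaf against only the certificates inside the bundle, which is why a file that works in IIS (where intermediates can come from elsewhere) can still come up short. `P12_PASS`, the function names and the throwaway test PKI are constructed, and treating "full chain" as leaf through self-signed root is this example's assumption, not a documented Workspace ONE requirement.

```shell
#!/usr/bin/env bash
# Added example: P12_PASS, the function names and the throwaway PKI are constructed.

# p12_chain_status FILE: prints "complete" when the certificates inside FILE alone
# chain from the leaf to a self-signed root (signatures and dates checked),
# "incomplete" when an issuer is missing, "unreadable" on a bad file or password.
# The password is read from the environment variable P12_PASS, not from argv.
p12_chain_status() {
  local p12="$1" tmp rc=incomplete
  tmp=$(mktemp -d) || return 2
  mkdir "$tmp/empty"
  # -clcerts: the certificate that matches the private key (the leaf)
  if ! P12_PASS="${P12_PASS-}" openssl pkcs12 -in "$p12" -passin env:P12_PASS \
       -nokeys -clcerts -out "$tmp/leaf.pem" 2>/dev/null || [ ! -s "$tmp/leaf.pem" ]; then
    rm -rf "$tmp"; echo unreadable; return 1
  fi
  # -cacerts: every other certificate carried in the bundle
  P12_PASS="${P12_PASS-}" openssl pkcs12 -in "$p12" -passin env:P12_PASS \
    -nokeys -cacerts -out "$tmp/ca.pem" 2>/dev/null || :
  # Point the default trust locations at an empty directory so a CA certificate
  # installed on this machine cannot stand in for one missing from FILE.
  if SSL_CERT_DIR="$tmp/empty" SSL_CERT_FILE="$tmp/empty/none.pem" \
     openssl verify -CAfile "$tmp/ca.pem" "$tmp/leaf.pem" 2>/dev/null | grep -q ': OK$'; then
    rc=complete
  fi
  rm -rf "$tmp"
  echo "$rc"
}

# Constructed throwaway PKI (root -> intermediate -> leaf) and three bundles built from it.
make_demo_bundles() (
  cd "$1" || exit 1
  export P12_PASS=demo
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" \
      -subj "/CN=constructed-$n" 2>/dev/null || exit 1
  done
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 2 -out root.pem 2>/dev/null
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out int.pem 2>/dev/null
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial -days 2 -out leaf.pem 2>/dev/null
  cat int.pem root.pem > chain.pem
  openssl pkcs12 -export -inkey leaf.key -in leaf.pem -passout env:P12_PASS -out leaf-only.p12
  openssl pkcs12 -export -inkey leaf.key -in leaf.pem -certfile int.pem -passout env:P12_PASS -out no-root.p12
  openssl pkcs12 -export -inkey leaf.key -in leaf.pem -certfile chain.pem -passout env:P12_PASS -out full.p12
)

if [ "$#" -eq 1 ]; then p12_chain_status "$1"; fi
```

The `full.p12` line in `make_demo_bundles` shows the rebuild step: `-certfile` takes the intermediate and root concatenated in one PEM file.
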
DimitrisTsaktsi
Contributor

Dear All,

I am facing the same issue. I tried to upload another certificate from the same CA and it was accepted successfully. It seems that it doesn't accept some certificates. Any idea why it fails?
Thank you in advance.

Best regards,
Dimitris