Schoppert's Posts

On the data vm, can you try running this : /opt/zimbra/bin/zmcertmgr addcacert /etc/ssl/certs/horizon_private_ca.pem the restarting the processes.
Lets do the following steps : undo what was done by the documentation On the configurator, clear out all certs in /usr/local/horizon/conf/*.pem run /usr/local/horizon/lib/menu/secure/wiz... See more...
Lets do the following steps : undo what was done by the documentation On the configurator, clear out all certs in /usr/local/horizon/conf/*.pem run /usr/local/horizon/lib/menu/secure/wizardssl.hzn This should create a new local CA cert, and generate individual SSL certs for all machines in the vApp. Install your CA cert on all machines in the vApp.  For each machine, do the following : copy your CA cert to : /etc/ssl/certs/horizon_private_ca.pem run c_rehash on service and connector, run /usr/java/jre1.6.0_37/bin/keytool -import -trustcacerts -file /etc/ssl/certs/horizon_private_ca.pem -alias horizon-private-ca -keystore /usr/java/jre-vmware/lib/security/cacerts on data run /opt/zimbra/jdk1.7.0_15/jre/bin/keytool -import -trustcacerts -file /etc/ssl/certs/horizon_private_ca.pem -alias horizon-private-ca -keystore /opt/zimbra/jdk1.7.0_15/jre/lib/security/cacerts Install your SSL cert + chain using the configurator UI Paste your SSL cert into the text box, followed by the cert chain, and root CA Paste in the SSL cert private key into that text box That should be enough to get your vApp up and running using your private CA cert as the customer facing SSL cert on the gateway.  Note, that when adding another VM to this vApp, you may need to re-do step 2 for that newly added machine.     
Ok, apparently the documentation led you astray.  The documentation wants you to load your own root ca cert + key into that directory and have the wizard script use that cert and key to generate ... See more...
Ok, apparently the documentation led you astray.  The documentation wants you to load your own root ca cert + key into that directory and have the wizard script use that cert and key to generate all the vm specific certs. So, you would create a new root ca + key and copy them into the directory and name the files : root_ca.pem and root_ca_key.pem Then run the wizardssl script. If you want to just load your SSL cert ( rooted into a custom CA ) into the gateway as the "customer facing cert" ... but, leave all the internal vApp certs alone ... I need to find the doc for how to add the custom CA to all the machines in the vApp.
I assume the second gateway reference in your list was "data" ? On the configurator, does the listvms command show all the appropriate machines ?      hznAdminTool listvms From the outside... See more...
I assume the second gateway reference in your list was "data" ? On the configurator, does the listvms command show all the appropriate machines ?      hznAdminTool listvms From the outside, can you get to this page :   https://<gateway>/SAAS/get-status.do
There is no command to restart all services across all machines. You can restart the individual services (on the respective vms) as follows :     gateway : /etc/rc.d/nginx restart     app ma... See more...
There is no command to restart all services across all machines. You can restart the individual services (on the respective vms) as follows :     gateway : /etc/rc.d/nginx restart     app manager ( aka service ) : /etc/rc.d/horizon-frontend restart     data : /etc/rc.d/zimbra restart     connector : /etc/rc.d/tcserver-c2 restart I would try the above, in order, to see if any resolve the issue ( temporarily ).
No smoking gun there. From the earlier logs, it appeared the gateway was having some trouble either getting to the members of the vApp.   In your network setup, are there any restrictions on w... See more...
No smoking gun there. From the earlier logs, it appeared the gateway was having some trouble either getting to the members of the vApp.   In your network setup, are there any restrictions on what ports can be accessed from machines within the vApp ... specifically with regards to the gateway ?
jamgol, if you want to send me a private message with one of the sets of certs that isn't working for you, I can try to reproduce your scenario in order to figure out what is going on.
The documentation Eric is referring to is a bit vague.  Eric would you mind listing out the steps you followed or shell history just so I can see what happened ?
Thanks for the logs, but something seems off.  Can you also attach the following files from the gateway : /opt/vmware/nginx/conf/nginx.conf /opt/vmware/nginx/conf/gen/upstream-6035.conf