VMware Horizon Community
fafa24
Enthusiast
Enthusiast
‎04-29-2014 03:11 PM
Jump to solution

SSL certificate for external facing security server

Dear All,

Today I bought an external SSL certificate from DigitCert for our security server. I imported the certificates to the Personal certificate store (computer account) on the security server. DigiCert provided three certificate, Root CA, Server CA and one with the name of our domain. I renamed the friendly name vdm of the existing self signed certificate and used the friendly name vdm for the certificate has our domain name. Thereafter I restarted the View services on the security server. They all started except the "View Blast Secure Gateway" service which entered the paused state.

About our setup, we have one connection server and one security server. For the security server we are using a different domain name than for connection server. We have an internal PKI and the connection server is using such a SSL certificate.

connection server = server01.internaldomain.com

security server = server02.externaldomain.com

Why could the certificate not be loaded from the View Blast Secure Gateway? Did I miss something?

Thanks,

Edy

0 Kudos
1 Solution

Accepted Solutions
fafa24
Enthusiast
Enthusiast
‎05-01-2014 02:11 AM
Jump to solution

I resolved it. The issue was with the private key of the certificate. That's the reason the Secure Blast Gateway couldn't load.

View solution in original post

0 Kudos
7 Replies
vcpguy
Expert
Expert
‎04-29-2014 03:36 PM
Jump to solution

Please check this link - VMware KB: Installing and configuring VMware View Security Server in View Manager 4.6 and later vers...

----------------------------------------------------------------------------- Please don't forget to reward Points for helpful hints; answers; suggestions. My blog: http://vmwaredevotee.com
0 Kudos
Gaurav_Baghla
VMware Employee
VMware Employee
‎04-29-2014 04:07 PM
Jump to solution

HI,

The Html Portal Access would be installed only on the Connection Server and on the Security Server you would require to open the ports Manually. check the Article below and make sure the windows Firewall Service is running

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=102721...

Regards Gaurav Baghla Opinions are my own and not the views of my employer. https://twitter.com/garry_14
0 Kudos
markbenson
VMware Employee
VMware Employee
‎04-30-2014 12:12 AM
Jump to solution

http://pubs.vmware.com/view-52/index.jsp?topic=%2Fcom.vmware.view.installation.doc%2FGUID-DB6480BA-3...

Double check these steps. The Blast Secure Gateway on Connection Server and Security Server uses the same certificate as the rest of View.

Mark

0 Kudos
fafa24
Enthusiast
Enthusiast
‎04-30-2014 12:25 AM
Jump to solution

Thanks Mark,

This means I need to install the same CA certificate on my connection server and security server.  Is it not possible to have different certificates for the connection server and security server?

Edy

0 Kudos
markbenson
VMware Employee
VMware Employee
‎04-30-2014 06:43 AM
Jump to solution

fafa24 wrote:

Thanks Mark,

This means I need to install the same CA certificate on my connection server and security server.  Is it not possible to have different certificates for the connection server and security server?

Edy

No. The certificates installed on Security Server and Connection Server don't need to be the same. The important thing is the certificate used at the SSL termination point. If the clients are connecting to Security Server then the certificate on that Security Server needs a name that matches what the View Client user enters.

Mark

fafa24
Enthusiast
Enthusiast
‎05-01-2014 02:11 AM
Jump to solution

I resolved it. The issue was with the private key of the certificate. That's the reason the Secure Blast Gateway couldn't load.

0 Kudos
triethuynh
Contributor
Contributor
‎03-21-2015 09:04 AM
Jump to solution

Hi fafa24,

I have same problem with you, could you please give me more detail how to fix this problem with private key? thank you very much, hope can receive reply from you soon.

Triet

0 Kudos