<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Applying an SSL Certificate from a Private Certificate Authority generate and error in Workspace ONE Discussions</title>
    <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383238#M157</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Ok, apparently the documentation led you astray.&amp;nbsp; The documentation wants you to load your own root ca cert + key into that directory and have the wizard script use that cert and key to generate all the vm specific certs.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;So, you would create a new root ca + key and copy them into the directory and name the files : root_ca.pem and root_ca_key.pem&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Then run the wizardssl script.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If you want to just load your SSL cert ( rooted into a custom CA ) into the gateway as the "customer facing cert" ... but, leave all the internal vApp certs alone ... I need to find the doc for how to add the custom CA to all the machines in the vApp.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Mon, 11 Mar 2013 14:27:00 GMT</pubDate>
    <dc:creator>Schoppert</dc:creator>
    <dc:date>2013-03-11T14:27:00Z</dc:date>
    <item>
      <title>Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383227#M146</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P class="MsoNormal"&gt;Hello,&lt;/P&gt;&lt;P class="MsoNormal"&gt;&lt;/P&gt;&lt;P class="MsoNormal"&gt;I’m trying to set an SSL cert generated from our internal CA.&lt;/P&gt;&lt;P class="MsoNormal"&gt;&lt;/P&gt;&lt;P class="MsoNormal"&gt;I went through the installation documentation at the Applying an SSL Certificate from a Private Certificate Authority chapter (page 72 of &lt;A href="http://pubs.vmware.com/horizon-workspace-10/topic/com.vmware.ICbase/PDF/horizon_workspace_10_install.pdf"&gt;http://pubs.vmware.com/horizon-workspace-10/topic/com.vmware.ICbase/PDF/horizon_workspace_10_install.pdf&lt;/A&gt;)&lt;/P&gt;&lt;P class="MsoNormal"&gt;When I add the certificate in PEM format, afterwards, and when I log back in to the admin web interface, I can see that the new certificate has been applied. But when I want to log in, the following error appears:&lt;/P&gt;&lt;P class="MsoNormal"&gt;&lt;/P&gt;&lt;P class="MsoNormal"&gt;Error&lt;/P&gt;&lt;P class="MsoNormal"&gt;Request failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target&lt;/P&gt;&lt;P class="MsoNormal"&gt;I must set the certificate back to the generated one to be able to make it work again.&lt;/P&gt;&lt;P class="MsoNormal"&gt;If you have any suggestion, I’m more than welcome because this point is quite blocking to push the infrastructure into pre-production.&lt;/P&gt;&lt;P class="MsoNormal"&gt;&lt;/P&gt;&lt;P class="MsoNormal"&gt;Many thanks&lt;/P&gt;&lt;P class="MsoNormal"&gt;&lt;/P&gt;&lt;P class="MsoNormal"&gt;Eric&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 08 Mar 2013 20:41:52 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383227#M146</guid>
      <dc:creator>ekrejci</dc:creator>
      <dc:date>2013-03-08T20:41:52Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383228#M147</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hmm, that should do it. Can you send the logs from service-va and connector-va?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 09 Mar 2013 01:16:42 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383228#M147</guid>
      <dc:creator>sravuri</dc:creator>
      <dc:date>2013-03-09T01:16:42Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383229#M148</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I wonder if your certificate was built correctly.&amp;nbsp; I did this yesterday and maybe I just got lucky.&amp;nbsp; I used this article to help me format the certificate format correctly after I had converted my .PFX to a .PEM.&amp;nbsp; (I needed to open/edit the .PEM to copy and paste the sections into the fields).&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-external-small" href="http://www.digicert.com/csr-creation-ssl-installation-zimbra.htm#install"&gt;http://www.digicert.com/csr-creation-ssl-installation-zimbra.htm#install&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Make sure to include the beginning and end tags on each certificate. The result should look like this:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt; &lt;/STRONG&gt;&lt;STRONG&gt;&lt;SPAN style="color: #008000;"&gt;-----BEGIN CERTIFICATE----- &lt;/SPAN&gt;&lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;&lt;SPAN style="color: #008000;"&gt;(Your First Intermediate certificate: DigiCertCA.crt) &lt;/SPAN&gt;&lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;&lt;SPAN style="color: #008000;"&gt;-----END CERTIFICATE----- &lt;/SPAN&gt;&lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;&lt;SPAN style="color: #ff0000;"&gt;-----BEGIN CERTIFICATE----- &lt;/SPAN&gt;&lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;&lt;SPAN style="color: #ff0000;"&gt;(Your Second Intermediate certificate (if applicable): DigiCertCA2.crt)&lt;BR /&gt;-----END CERTIFICATE----- &lt;/SPAN&gt;&lt;BR /&gt;&lt;/STRONG&gt;&lt;SPAN style="color: #0000ff;"&gt;&lt;STRONG&gt;-----BEGIN CERTIFICATE----- &lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;(Your Root certificate: TrustedRoot.crt) &lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;-----END CERTIFICATE-----&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;STRONG&gt; &lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;I converted my PFX to a PEM at this website: &lt;/SPAN&gt;&lt;A class="jive-link-external-small" 
href="https://www.sslshopper.com/ssl-converter.html"&gt;https://www.sslshopper.com/ssl-converter.html&lt;/A&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 09 Mar 2013 16:58:41 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383229#M148</guid>
      <dc:creator>mjpagan</dc:creator>
      <dc:date>2013-03-09T16:58:41Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383230#M149</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;It might be that your internal Root CA (and/or subordinate and issuing CA servers) are not trusted by the connector-va.&lt;/P&gt;&lt;P&gt;To solve that import your Root CA into the trust store on the connector-va:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;/usr/java/jre1.6.0_37/bin/keytool -import -trustcacerts -file /tmp/&amp;lt;your-root-CA&amp;gt;.cer -alias &amp;lt;your-alias&amp;gt; -keystore /usr/java/jre-vmware/lib/security/cacerts&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;password is: changeit&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;when it prompts for acceptance type yes.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;reboot the connector.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sun, 10 Mar 2013 22:37:37 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383230#M149</guid>
      <dc:creator>rsjensen</dc:creator>
      <dc:date>2013-03-10T22:37:37Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383231#M150</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;The wizardssl.hzn command is supposed to add the cert to the trusted authority list on all VAs. &lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 00:41:13 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383231#M150</guid>
      <dc:creator>sravuri</dc:creator>
      <dc:date>2013-03-11T00:41:13Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383232#M151</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I've tried the 'wizardssl.hzn' method with three different sets of certs .... same result for all.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Enough playing, I've logged a SR to get it fixed, will let you know what they come up with.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Cheers&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 02:31:41 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383232#M151</guid>
      <dc:creator>jamgol</dc:creator>
      <dc:date>2013-03-11T02:31:41Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383233#M152</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;The documentation Eric is referring to is a bit vague.&amp;nbsp; Eric would you mind listing out the steps you followed or shell history just so I can see what happened ?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 02:56:44 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383233#M152</guid>
      <dc:creator>Schoppert</dc:creator>
      <dc:date>2013-03-11T02:56:44Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383234#M153</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;jamgol, if you want to send me a private message with one of the sets of certs that isn't working for you, I can try to reproduce your scenario in order to figure out what is going on.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 02:59:53 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383234#M153</guid>
      <dc:creator>Schoppert</dc:creator>
      <dc:date>2013-03-11T02:59:53Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383235#M154</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Done,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Just got an email from support asking for log files from %program files% and to change some registry settings ..... oh dear ... this isn't going to go well.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Let me know what you can make of the cert chain, all appears to be fine to me.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 03:15:55 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383235#M154</guid>
      <dc:creator>jamgol</dc:creator>
      <dc:date>2013-03-11T03:15:55Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383236#M155</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've sent the logs to sravuri. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;@Schoppert you are more than right when you are saying that the documentation is vague. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;what I did was:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;generate PEM files with openssl (openssl pkcs12 -in rui.pfx -out gateway.pem -nodes) from pfx generated using VMware's documentation&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;in the PEM, I have the cert of the gateway, its private key and the public cert of the CA that issued the cert.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;then from the gateway.pem I generated a root_ca_cert.pem with our internal CA public cert, a &amp;lt;hostname&amp;gt;_cert.pem and a &amp;lt;hostname&amp;gt;_key.pem.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;and finally used the "documentation":&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;on the configurator, deleted *.pem from /usr/local/horizon/conf/&lt;/P&gt;&lt;P&gt;copied my certs to /usr/local/horizon/conf/&lt;/P&gt;&lt;P&gt;and ran /usr/local/horizon/lib/menu/secure/wizardssl.hzn&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;and finally in the web console of the connector and configurator added (tried) in the&amp;nbsp; SSL part the cert in the PEM format.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Eric&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 14:19:24 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383236#M155</guid>
      <dc:creator>ekrejci</dc:creator>
      <dc:date>2013-03-11T14:19:24Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383237#M156</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;&lt;SPAN&gt;The VMware documents were terrible to follow so I used Derek Seaman's blog postings here: &lt;/SPAN&gt;&lt;A class="jive-link-external-small" href="http://derek858.blogspot.co.uk/2012/09/vmware-vcenter-51-installation-part-2.html"&gt;http://derek858.blogspot.co.uk/2012/09/vmware-vcenter-51-installation-part-2.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Much easier to follow&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 14:26:08 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383237#M156</guid>
      <dc:creator>firestartah</dc:creator>
      <dc:date>2013-03-11T14:26:08Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383238#M157</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Ok, apparently the documentation led you astray.&amp;nbsp; The documentation wants you to load your own root ca cert + key into that directory and have the wizard script use that cert and key to generate all the vm specific certs.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;So, you would create a new root ca + key and copy them into the directory and name the files : root_ca.pem and root_ca_key.pem&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Then run the wizardssl script.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If you want to just load your SSL cert ( rooted into a custom CA ) into the gateway as the "customer facing cert" ... but, leave all the internal vApp certs alone ... I need to find the doc for how to add the custom CA to all the machines in the vApp.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 14:27:00 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383238#M157</guid>
      <dc:creator>Schoppert</dc:creator>
      <dc:date>2013-03-11T14:27:00Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383239#M158</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Ok, much clearer now.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;the thing is that our security team, who are managing our CA, will NEVER give me the private key of our CA. that's for sure.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;now, what I want to do is exactly loading our SSL cert into the gateway. so the question is:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;how can an internal CA cert be added to the different keystores used by the vApp in order to have the SSL cert trusted all the way down.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;if you want, I can use the suggestion of rsjensen to manually import the CA cert:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;/usr/java/jre1.6.0_37/bin/keytool -import -trustcacerts -file /tmp/&amp;lt;your-root-CA&amp;gt;.cer -alias &amp;lt;your-alias&amp;gt; -keystore /usr/java/jre-vmware/lib/security/cacerts&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I tried in the first place to directly include the CA cert in the configurator wizard:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;-----BEGIN CERTIFICATE----- &lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;(SSL Cert) &lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;-----END CERTIFICATE----- &lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;-----BEGIN CERTIFICATE----- &lt;BR /&gt;&lt;/STRONG&gt;&lt;STRONG&gt;(Root CA cert)&lt;BR /&gt;-----END CERTIFICATE----- &lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;the import went fine, but I had the error when I wanted to log in the gateway. (see my first entry in the thread)&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;what should be my next move?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;many thanks&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Eric&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 15:25:28 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383239#M158</guid>
      <dc:creator>ekrejci</dc:creator>
      <dc:date>2013-03-11T15:25:28Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383240#M159</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I just want to add, that I'm not certain that you will find a lot of security admins managing an internal CA that will let their private key be used in such a platform.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've just talked with our CISO about this usage. he was quite astonished. he told me that this could highly endanger the SSL/certificate security strategy of our company. just like Comodo...&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;so maybe you should reconsider the way to use SSL certs from corporate CA. just having a mechanism that adds the corporate CA to the different keystores present in the vApp.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Eric&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 16:07:07 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383240#M159</guid>
      <dc:creator>ekrejci</dc:creator>
      <dc:date>2013-03-11T16:07:07Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383241#M160</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Let's do the following steps :&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;&lt;SPAN&gt;undo what was done by the documentation 🙂&lt;/SPAN&gt;&lt;OL&gt;&lt;LI&gt;On the configurator, clear out all certs in /usr/local/horizon/conf/*.pem&lt;/LI&gt;&lt;LI&gt;run /usr/local/horizon/lib/menu/secure/wizardssl.hzn&lt;/LI&gt;&lt;LI&gt;This should create a new local CA cert, and generate individual SSL certs for all machines in the vApp.&lt;/LI&gt;&lt;/OL&gt;&lt;/LI&gt;&lt;LI&gt;Install your CA cert on all machines in the vApp.&amp;nbsp; For each machine, do the following :&lt;OL&gt;&lt;LI&gt;copy your CA cert to : /etc/ssl/certs/horizon_private_ca.pem&lt;/LI&gt;&lt;LI&gt;run c_rehash&lt;/LI&gt;&lt;LI&gt;on service and connector, run /usr/java/jre1.6.0_37/bin/keytool -import -trustcacerts -file /etc/ssl/certs/horizon_private_ca.pem -alias horizon-private-ca -keystore /usr/java/jre-vmware/lib/security/cacerts&lt;/LI&gt;&lt;LI&gt;on data run /opt/zimbra/jdk1.7.0_15/jre/bin/keytool -import -trustcacerts -file /etc/ssl/certs/horizon_private_ca.pem -alias horizon-private-ca -keystore /opt/zimbra/jdk1.7.0_15/jre/lib/security/cacerts&lt;/LI&gt;&lt;/OL&gt;&lt;/LI&gt;&lt;LI&gt;Install your SSL cert + chain using the configurator UI&lt;OL&gt;&lt;LI&gt;Paste your SSL cert into the text box, followed by the cert chain, and root CA &lt;/LI&gt;&lt;LI&gt;Paste in the SSL cert private key into that text box&lt;/LI&gt;&lt;/OL&gt;&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-size: 10pt;"&gt;That should be enough to get your vApp up and running using your private CA cert as the customer facing SSL cert on the gateway.&amp;nbsp; 
&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-size: 10pt;"&gt;Note, that when adding another VM to this vApp, you may need to re-do step 2 for that newly added machine.&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;/SPAN&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 19:54:48 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383241#M160</guid>
      <dc:creator>Schoppert</dc:creator>
      <dc:date>2013-03-11T19:54:48Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383242#M161</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Brilliant, I'll try that now and let you know how it goes.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Do you see any reason why I couldn't use a wildcard SSL cert ?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 20:18:31 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383242#M161</guid>
      <dc:creator>jamgol</dc:creator>
      <dc:date>2013-03-11T20:18:31Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383243#M162</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I used one and it appears to be OK.&amp;nbsp; I'm still working out some oddities, but so far I do not think they're certificate related.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 20:23:12 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383243#M162</guid>
      <dc:creator>mjpagan</dc:creator>
      <dc:date>2013-03-11T20:23:12Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383244#M163</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I just read this line:&amp;nbsp;&amp;nbsp; "Paste your SSL cert into the text box, followed by the cert chain, and root CA" inserted our cert and root cert all in that single box.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I tried doing that without doing anything else ............... problem solved !&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Success !&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I suspect the work done yesterday with the private and root keys probably helped.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I'm one happy camper ......... now to sort out this load balancer !&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks Schoppert, I owe you a beer or 7.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Cheers&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 11 Mar 2013 20:34:28 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383244#M163</guid>
      <dc:creator>jamgol</dc:creator>
      <dc:date>2013-03-11T20:34:28Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383245#M164</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Brett, Thanks!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Eric, can you please verify that virtual user functionality is also working fine for you, after following the cert steps that Brett provided? I know you had issues with that, in beta, with certs.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 12 Mar 2013 02:40:26 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383245#M164</guid>
      <dc:creator>sravuri</dc:creator>
      <dc:date>2013-03-12T02:40:26Z</dc:date>
    </item>
    <item>
      <title>Re: Applying an SSL Certificate from a Private Certificate Authority generate and error</title>
      <link>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383246#M165</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;thank you very much Schoppert for your procedure which is working fine to add SSL certs from internal CA.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;just a small typo on point 2.4 -&amp;gt;&amp;nbsp; on data run /opt/zimbra/jdk1.7.0_15/jre/bin/keytool -import -trustcacerts -file /etc/ssl/certs/horizon_private_ca.pem -alias horizon-private-ca -keystore /opt/zimbra/jdk1.7.0_15/jre/lib/security/cacerts&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;the path is in fact:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;on data run /opt/zimbra/&lt;STRONG&gt;jdk1.7.0_05&lt;/STRONG&gt;/jre/bin/keytool -import -trustcacerts -file /etc/ssl/certs/horizon_private_ca.pem -alias horizon-private-ca -keystore /opt/zimbra/&lt;STRONG&gt;jdk1.7.0_05&lt;/STRONG&gt;/jre/lib/security/cacerts&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I also had at the end to restart the zimbra service on the data appliance in order to apply new cacerts.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;@sravuri, the issue with the virtual users is back, like in the Beta.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;do you want the logs of the data appliance?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;sincerely&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Eric&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 12 Mar 2013 09:32:21 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Workspace-ONE-Discussions/Applying-an-SSL-Certificate-from-a-Private-Certificate-Authority/m-p/383246#M165</guid>
      <dc:creator>eric_krejci</dc:creator>
      <dc:date>2013-03-12T09:32:21Z</dc:date>
    </item>
  </channel>
</rss>

