VMware Horizon Community
fafa24
Enthusiast
Enthusiast
‎09-03-2012 01:05 PM

SSL self signed issue after upgrade to 5.1 from 5.0

Dear All,

I have upgraded my connection and security server to 5.1. All went fine without a problem.

I have now 2 issues in the system health of my admin portal page for the connection and security server. The certificate is untrusted.

A self-signed certificate is installed on this server. Install a certificate that can be validated on this server.

Well we never have had a signed certificate installed before. Is there a way to ignore this error and make it green?

Thanks,

Edy

0 Kudos
3 Replies
markbenson
VMware Employee
VMware Employee
‎09-03-2012 03:53 PM

The best way to resolve this is to purchase a trusted CA signed SSL server certificate and install it on your View Servers. This way your users will have the assurance that they are connecting to a verified View environment.

The main purpose of SSL between the View clients and a View environment is to prevent attacks of eavesdropping and tampering of this communication.

As with any secure web-site, if you stick with an untrusted CA or self-signed SSL server certificate, your environment is vulnerable to a man-in-the-middle (MITM) attack.

The default for View clients is to show a warning message if an untrusted certificate is used. You will also eliminate this warning when you install a correct certificate.

For instruction on this look at the Configuring SSL Certificates for View Servers in the View Installation Guide and also the Obtaining SSL Certificates for VMware View Servers guide.

The alternative is to ignore the warnings, but then your View environment will remain vulnerable.

Hope this helps.

Mark

fafa24
Enthusiast
Enthusiast
‎09-04-2012 06:28 AM

Hi Mark,

Thanks as always for your answer.

I will get a secure SSL certificate. I have read the instructions about Obtaining SSL certificate for View Servers.

I guess that I should use a provider which provides the certificate in PKCS#12 format. This should be easier to import into View server. We have an account with comodo. Any particular things I should take care to make life easier? Smiley Happy

Thanks,

Edy

0 Kudos
markbenson
VMware Employee
VMware Employee
‎09-04-2012 06:42 AM

Yes, getting a PKCS#12 format signed cert back makes it easier. On the Connection Server you can just double click on the .p12 file at it will run the import Wizard to get it into the cert store. You then need to set its friendly name to "vdm".

Go through the two documents I referenced.

Mark

0 Kudos