VMware Cloud Community
PhilippPrestele
Contributor
Contributor
‎08-16-2017 01:21 PM
Jump to solution

VIO SSL Certificate - how to add Root CA?

Hello Everybody,

I have a basic understanding issue, obviously, about adding a SSL cert into VIO.

Cert add procedure went fine but I have no possibilty to add a root CA and intermediate cert, therefore my cert is shown as unsecure.

Does anybody know how to solve this?

Regards


Philipp

0 Kudos
1 Solution

Accepted Solutions
admin
Immortal
Immortal
‎08-17-2017 01:17 AM
Jump to solution

Hi Philipp,

it seems (for my understanding) you have to add intermediate certificate too.

Please, follow KB 2150710:

https://ikb.vmware.com/contactcenter/php/search.do?cmd=displayKC&docType=kc&externalId=2150710&slice...

to fix the issue.

Please, let me know if it works!

Cheers,

Domenico

View solution in original post

0 Kudos
5 Replies
VirtualFox
VMware Employee
VMware Employee
‎08-16-2017 03:23 PM
Jump to solution

If you mean outbound connections from like heat-engine to a URL hosted template over https for example then try this KB:

* How to add trusted CA certificates in the VIO

http://kb.vmware.com/kb/2150522

If you mean trusted connection to the Horizon Dashboard needs to present the full CA chain. I suspect you are on Chrome. Can you get a copy of the exact error message in the Chrome settings > Developer Tools > Security tab. Also can you see what message you get in FireFox as well. I thought requiring a CA chain is still experimental and as far as I know Chrome is the only browser to have implemented this security check.

0 Kudos
PhilippPrestele
Contributor
Contributor
‎08-17-2017 12:19 AM
Jump to solution

Yes I mean the ful CA chain for the Horizon Dashsboard.


As I have a cert file an intermediate file and a root CA file, I don't know how to upload them as I only have one option to upload a cert file.

Chrome and Firefox says both that the CA cert / chain is missing.

Only the cert it self is shown:

openstack-cert.PNG

How can I add those certs into the chain? Or is there another way to solve this?

0 Kudos
admin
Immortal
Immortal
‎08-17-2017 01:17 AM
Jump to solution

Hi Philipp,

it seems (for my understanding) you have to add intermediate certificate too.

Please, follow KB 2150710:

https://ikb.vmware.com/contactcenter/php/search.do?cmd=displayKC&docType=kc&externalId=2150710&slice...

to fix the issue.

Please, let me know if it works!

Cheers,

Domenico

0 Kudos
PhilippPrestele
Contributor
Contributor
‎08-17-2017 01:33 AM
Jump to solution

Yes that solved it.


Thank you very much!

0 Kudos
admin
Immortal
Immortal
‎08-17-2017 01:36 AM
Jump to solution

cool!

Have a great day!

0 Kudos