Sunday, April 12, 2015

Unable to connect to VMware Horizon View with iPad or Android devices

Problem

You’ve recently renewed the certificate issued by a public CA for your VMware Horizon View Security server that secures external incoming traffic. Windows desktops continue to connect without any issues but users with iPads or Android devices receive the following error:

iPad Error:

Untrusted Horizon Connection

VMware Horizon cannot verify your connection. Contact your administrator.

View Certificate

Do Not Connect

image

Clicking on the View Certificate shows the following certificate details (this example uses a GoDaddy certificate):

Not Trusted

image

Android Error:

Security Error

Failed to connect to the Connection Server. The server provided a certificate that is inavlid.

image

Clicking on the View Certificate shows the following certificate details (this example uses a GoDaddy certificate):

The certificate is not trusted.

image

Solution

Assuming that you are using the Fully Qualified Domain Name to connect to the View Connection Server then one of the reasons why this error is thrown is because either the root or intermediate or both of the certificates have not been imported into your View Security Server.  To confirm whether this is the case, log onto your View Security Server, launch the MMC and open the properties of the certificate that is for connections:

Certificate Information

Windows does not have enough information to verify this certificate.

image

Notice that the certificate summary indicates that the server has information verifying the certificate.  Continuing to click on the Certificate Path will display the following:

Certificate status:

The issuer of this certificate could not be found.

image

To correct this problem, we will need to find the intermediate CA issuer of the certificate by navigating back to the General tab and making a note of the Issued by field which in this example displays:

Go Daddy Secure Certificate Authority - G2

image

All certificate authorities makes their Certificate Authorities certificates available through their website and for this example, we can obtain the GoDaddy certificate from the following URL:

https://certs.godaddy.com/repository

image

The certificate we are interested in is the:

GoDaddy Secure Server Certificate (Intermediate Certificate) – G2

gdig2.crt

image

Download and import the certificate into the Local Computer’s Intermediate Certification Authorities:

image

image

image

image

We should now see the intermediate chain displayed in the certificate’s Certification Path once the intermediate issuing Certificate has been imported into the Intermediate Certification Authorities

image

The next step is to import the Go Daddy Root Certificate Authority – G2 into the Local Computer’s Trusted Root Certification Authorities:

GoDaddy Class 2 Certification Authority Root Certificate – G2

gdroot-g2.crt

image

image

image

image

With both the intermediate and root certificates imported, the properties of the certificate should now display the properties free of any warnings:

imageimage

Proceed by restarting the VMware Horizon View Security Server service and the error for the iPad and Android devices will no longer be presented:

image

No comments: