Problem
You’ve recently renewed the certificate issued by a public CA for your VMware Horizon View Security server that secures external incoming traffic. Windows desktops continue to connect without any issues but users with iPads or Android devices receive the following error:
iPad Error:
Untrusted Horizon Connection
VMware Horizon cannot verify your connection. Contact your administrator.
View Certificate
Do Not Connect
Clicking on the View Certificate shows the following certificate details (this example uses a GoDaddy certificate):
Not Trusted
Android Error:
Security Error
Failed to connect to the Connection Server. The server provided a certificate that is inavlid.
Clicking on the View Certificate shows the following certificate details (this example uses a GoDaddy certificate):
The certificate is not trusted.
Solution
Assuming that you are using the Fully Qualified Domain Name to connect to the View Connection Server then one of the reasons why this error is thrown is because either the root or intermediate or both of the certificates have not been imported into your View Security Server. To confirm whether this is the case, log onto your View Security Server, launch the MMC and open the properties of the certificate that is for connections:
Certificate Information
Windows does not have enough information to verify this certificate.
Notice that the certificate summary indicates that the server has information verifying the certificate. Continuing to click on the Certificate Path will display the following:
Certificate status:
The issuer of this certificate could not be found.
To correct this problem, we will need to find the intermediate CA issuer of the certificate by navigating back to the General tab and making a note of the Issued by field which in this example displays:
Go Daddy Secure Certificate Authority - G2
All certificate authorities makes their Certificate Authorities certificates available through their website and for this example, we can obtain the GoDaddy certificate from the following URL:
https://certs.godaddy.com/repository
The certificate we are interested in is the:
GoDaddy Secure Server Certificate (Intermediate Certificate) – G2
gdig2.crt
Download and import the certificate into the Local Computer’s Intermediate Certification Authorities:
We should now see the intermediate chain displayed in the certificate’s Certification Path once the intermediate issuing Certificate has been imported into the Intermediate Certification Authorities
The next step is to import the Go Daddy Root Certificate Authority – G2 into the Local Computer’s Trusted Root Certification Authorities:
GoDaddy Class 2 Certification Authority Root Certificate – G2
gdroot-g2.crt
With both the intermediate and root certificates imported, the properties of the certificate should now display the properties free of any warnings:
Proceed by restarting the VMware Horizon View Security Server service and the error for the iPad and Android devices will no longer be presented:
No comments:
Post a Comment