Quantcast
Channel: VMware Communities: Message List
Viewing all articles
Browse latest Browse all 249166

Re: View Security Server certificate issue

$
0
0

Hi Mark,

 

I just experienced something similar.

 

This is what we have.

 

OUTSIDE FIREWALL - DMZ

 

Security server:

  • External URL: my.view.com
  • certificate for my.view.com issued by GoDaddy
  • PCoIP External URL: Public IP: 4172

 

INSIDE FIREWALL

 

Internal Connection server:

  • HTTPS Secure Channel - External URL: https://external-cs.domain.local:443
  • certificate for external-cs.domain.local issued by local Active Directory CA
  • PCoIP Secure Gateway - External URL: external-cs Internal IP:4172

 

Firewall has been set correctly to for traffic from Security --> Connection Server.

 

With this configuration the external client will not connect.

It'll get to the Username and Password section.

Establishing Secure Connection...

 

And then gave me the error:

The View Connection Server authentication failed. A secure connection to the server '(null)' cannot be established.

 

What's weird is that the configuration above is exactly the same as the one that I have on the View 5.0.1 environment and it worked there.

 

The only I can think of is the SSL certificate.

On the View 5.0.1, back then I was able to add internal host name on the GoDaddy certificate but since they have a new policy now, they no longer allowed anyone to include internal host name to the certificate. So it needs to be an external name only listed on the certificate.

 

Just for a kick, I try changing the connection server "HTTPS Secure Channel - External URL" to match the Security server which my.view.com and it worked for a session. I was able to connect to the desktop.

After about 10-15 minutes, I disconnect.

Then tried it again, and it failed.

 

I checked the View Administrator, it says that mismatch certificate on the connection server.

 

My question is do I need to revoke the internal certificate that was authenticated by local CA and install the external certificate that matched the security server?

So both the security server and internal CS will use the same certificate or I just need to make the internal CS to have an external name and issue its own cert from GoDaddy?

Will that be the solution on this?

 

Remember, they don't allow anyone to use internal name server and domain name on SSL cert.

 

Much appreciate your input.

 

Thanks.


Viewing all articles
Browse latest Browse all 249166

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>