Installing a wildcard certificate with Horizon Workspace

May 30, 2013 — Leave a comment

Within my lab environment I largely used a wildcard certificate for all my external services. This certificate was originally created on my Exchange server within my environment. Using this certificate on other Windows servers is generally an easy task of exporting the certificate with the private key and applying to the new server. However using this certificate with Horizon Workspace was a little different.

Firstly the certificate needs to be configured on the Horizon Configurator appliance through the following URL >> https://horizonconfigname/cfg

You then select SSL Certificate from the left hand menu.

image

I re-downloaded the certificate from my certificate provider, opened it in notepad and was able to import this into the SSL box. Ensure that you also copy the intermediary certificates into this box immediately after your certificate. This was supplied by Go Daddy in a gd_bundle.cert file.

image

The exporting the private key from the Exchange server was a little more complex. First I exported the certificate as follows.

From an MMC console add the Certificate snap in, ensure you select Computer Account, Local Computer.

image

Browse to your wildcard certificate, right click and select export

image

The certificate export wizard will appear

image

Ensure you choose yes, export the private key.

image

Choose to export the certificate as Personal Information Exchange Format.

image

Finally you will need to input a password and choose where to save the certificate too.

Next we need to extract the private key from the certificate, the way that I achieved this was with an application called OpenSSL.

Download the installer from here http://www.openssl.org/related/binaries.html 

I chose the Win32 OpenSSL v1.0.1e Light variant, once downloaded I ran a simple Next, Next, Next installation. This installed the application to C:\OpenSSL-Win32

From a command prompt you will now need to run the following commands from the command line. 

openssl pkcs12 –in [location to *.pfx file] –nocerts –out key.pem

image

You will be prompted to enter the password and to create a password, you will then be asked to enter a phrase for the PEM file that is too be created.

Once this is done we are left with an encrypted private key file, the next step is to remove the passphrase encryption.

image

We now have a file that we are able to open in notepad and paste its contents into the Horizon Configurator.

image 

Once we have pasted the key into the Private Key box we are able to select save.

image

We will now need to repeat this process on the Horizon Connector.

image

You should now be in a position to test Horizon in a browser to ensure the certificate is valid.

image

If you receive the following error ensure that you have pasted your intermediary certificates after your certificate in the SSL Certificate boxes shown above.

Request failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

image

No Comments

Be the first to start the conversation!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s