Within my lab environment I largely used a wildcard certificate for all my external services. This certificate was originally created on my Exchange server within my environment. Using this certificate on other Windows servers is generally an easy task of exporting the certificate with the private key and applying it to the new server. However, using this certificate with Horizon Workspace was a little different.
Firstly, the certificate needs to be configured on the Horizon Configurator appliance at the following URL: https://horizonconfigname/cfg
You then select SSL Certificate from the left-hand menu.
I re-downloaded the certificate from my certificate provider, opened it in notepad and was able to import this into the SSL box. Ensure that you also copy the intermediary certificates into this box immediately after your certificate. This was supplied by Go Daddy in a gd_bundle.cert file.
Exporting the private key from the Exchange server was a little more complex. First I exported the certificate as follows.
From an MMC console, add the Certificates snap-in and ensure you select Computer Account, Local Computer.
Browse to your wildcard certificate, right-click and select Export.
The certificate export wizard will appear
Ensure you choose yes, export the private key.
Choose to export the certificate as Personal Information Exchange Format.
Finally, you will need to input a password and choose where to save the certificate to.
Next we need to extract the private key from the certificate. The way that I achieved this was with an application called OpenSSL.
Download the installer from here: http://www.openssl.org/related/binaries.html
I chose the Win32 OpenSSL v1.0.1e Light variant. Once downloaded, I ran a simple Next, Next, Next installation. This installed the application to C:\OpenSSL-Win32
From a command prompt, run the following command.
openssl pkcs12 -in [location to *.pfx file] -nocerts -out key.pem
You will be prompted to enter the password set during the export, and then to create a pass phrase for the PEM file that is to be created.
Once this is done we are left with an encrypted private key file. The next step is to remove the passphrase encryption.
We now have a file that we are able to open in notepad and paste its contents into the Horizon Configurator.
Once we have pasted the key into the Private Key box we are able to select save.
We will now need to repeat this process on the Horizon Connector.
You should now be in a position to test Horizon in a browser to ensure the certificate is valid.
If you receive the following error, ensure that you have pasted your intermediary certificates after your certificate in the SSL Certificate box shown above:
Request failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
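A pre-paste check for the two text boxes described above, added here as an example and not part of the original post: it flags a private key that is still passphrase-encrypted, flags a certificate box with no intermediates after the server certificate (the cause given above for the PKIX error), and strips the text `openssl pkcs12` writes outside the PEM blocks. The function names and sample inputs are constructed for illustration; it inspects PEM structure only and does not validate the chain cryptographically.

```python
import re

# Matches one PEM block; anything outside BEGIN/END markers is ignored.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, body) for every PEM block found in the pasted text."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]

def check_private_key_box(text):
    """List problems with the text destined for the Private Key box."""
    keys = [(l, b) for l, b in pem_blocks(text) if l.endswith("PRIVATE KEY")]
    problems = []
    if len(keys) != 1:
        problems.append("expected exactly one private key block")
    for label, body in keys:
        # PKCS#8 marks encryption in the label, the traditional format in a header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is still passphrase-encrypted")
    return problems

def check_certificate_box(text):
    """List problems with the text destined for the SSL Certificate box."""
    labels = [l for l, _ in pem_blocks(text)]
    problems = []
    if any(l != "CERTIFICATE" for l in labels):
        problems.append("non-certificate PEM block present")
    if labels.count("CERTIFICATE") < 2:
        problems.append("no intermediate certificates after the server certificate")
    return problems

def clean_pem(text):
    """Keep only the PEM blocks, dropping e.g. 'Bag Attributes' lines from openssl pkcs12."""
    return "".join(f"-----BEGIN {l}-----\n{b}-----END {l}-----\n" for l, b in pem_blocks(text))

# Constructed samples: the bodies are placeholders, not real key or certificate data.
SAMPLE_KEY = """Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
"""
SAMPLE_CERT_BOX = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print(check_private_key_box(SAMPLE_KEY))
    print(check_certificate_box(SAMPLE_CERT_BOX))
```

The unencrypted key file and the exported .pfx both contain the wildcard private key, so delete them from the workstation once the key has been saved on the appliances.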