
May 01 2010

Re-establishing VMware View Self-Signed Certificate

One of my customers recently decided that they did not want to pay any more for the trusted certificate for their VMware View implementation and revoked that certificate with the CA root.

They tried to revert to the original certificate, but they did not know the original password, and because everything seemed to be working OK they just left everything the way it was.

A couple of weeks later they rebooted the Connection Servers. After the reboot, however, the Connection Server service would not start, failing with:

Request failed: com.vmware.vdi.ob.tunnelservice.cx: Failed whilst returning body: java.io.IOException: Broken pipe

AJP connection test failed: com.vmware.vdi.ob.tunnelservice.cx: Failed to read from server: java.net.SocketException: Connection reset

I thought this was an interesting situation and decided to share the solution, as it is also applicable when the original self-signed certificate expires.

 

To re-establish the self-signed certificate, follow these steps:

1. Open the command prompt on your View Connection Server:
Start >> Run >> CMD

2. Change directory to:
C:\Program Files\VMware\VMware View\Server\sslgateway\conf

3. If a keys.p12 file already exists, delete it or save it to a different folder, then run the following command:
keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360
* The validity value specifies 1 year (360 days)
Enter keystore password: (make sure to write down the new password)
When asked for your first and last name, enter the fully qualified domain name (FQDN) of your View server. DO NOT enter your name, or the certificate you create will be invalid:
What is your first and last name?
vmwareview.yourcompany.com
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=vmwareview.yourcompany.com, OU=, O=, L=, ST=, C= correct? yes
Enter key password for (RETURN if same as keystore password):
Complete this step for all Connection Servers with the revoked or expired certificates.

 

The second and final step involves defining the certificate that VMware View should use.

4. In the same directory, 'C:\Program Files\VMware\VMware View\Server\sslgateway\conf', type:
notepad locked.properties

5. Add the following to the file, replacing the keypass value with your keystore's password:
keyfile=keys.p12
keypass=<password defined in the first step>

6. Save the locked.properties file and exit notepad.

7. Restart the View Connection Server service
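
A check to run before the restart in step 7, as an added example that is not part of the original post: it opens the keystore named in locked.properties with the password stored there and confirms the CN and the expiry date. It assumes PowerShell and the .NET X509Certificate2 class are available on the Connection Server; the parameter names and the 30-day warning window are illustrative.

```powershell
# Added example, not from the original post: check keys.p12 and locked.properties before restart.
param(
    [string]$ExpectedFqdn = 'vmwareview.yourcompany.com',  # placeholder FQDN used in the post
    [string]$ConfDir = 'C:\Program Files\VMware\VMware View\Server\sslgateway\conf',
    [int]$WarnDays = 30                                    # assumed renewal warning window
)

# Read key=value pairs from locked.properties, skipping comments and blank lines.
$props = @{}
foreach ($line in Get-Content (Join-Path $ConfDir 'locked.properties')) {
    if ($line -match '^\s*([^#=\s]+)\s*=\s*(.*)$') { $props[$Matches[1]] = $Matches[2].Trim() }
}

$problems = @()
foreach ($key in 'keyfile', 'keypass') {
    if (-not $props[$key]) { $problems += "locked.properties has no $key entry" }
}

$cert = $null
if (-not $problems) {
    $storePath = Join-Path $ConfDir $props['keyfile']
    $x509Type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    try {
        # Opening the PKCS#12 file proves the stored keypass matches the keystore.
        $cert = New-Object $x509Type -ArgumentList $storePath, $props['keypass']
    } catch {
        $problems += "Cannot open $storePath with the configured keypass: $($_.Exception.Message)"
    }
}

if ($cert) {
    if (-not $cert.HasPrivateKey) { $problems += 'Keystore entry has no private key' }

    # The CN must be the server FQDN (the "first and last name" answer given to keytool).
    $cn = ''
    if ($cert.Subject -match '(?:^|,\s*)CN=([^,]+)') { $cn = $Matches[1].Trim() }
    if ($cn -ne $ExpectedFqdn) { $problems += "CN is '$cn', expected '$ExpectedFqdn'" }

    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt 0) {
        $problems += "Certificate expired on $($cert.NotAfter)"
    } elseif ($daysLeft -lt $WarnDays) {
        $problems += "Certificate expires in $daysLeft days"
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "OK: CN=$cn, valid until $($cert.NotAfter) ($daysLeft days left)"
```

Because locked.properties holds the keystore password in clear text, limit read access on the conf folder to administrators and the account the service runs as.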

 

Some good information can be found at http://www.tcpdump.com

2 comments

  1. psy

    Which version of View is this for?

  2. psy

    Doesn't work for Horizon View 5.2
