{"id":335,"date":"2023-01-19T10:08:22","date_gmt":"2023-01-19T08:08:22","guid":{"rendered":"https:\/\/my-virt.alfadir.net\/?p=335"},"modified":"2023-01-25T23:44:53","modified_gmt":"2023-01-25T21:44:53","slug":"app-volumes-apps-on-demand-certificate-issue","status":"publish","type":"post","link":"https:\/\/my-virt.alfadir.net\/index.php\/2023\/01\/19\/app-volumes-apps-on-demand-certificate-issue\/","title":{"rendered":"App Volumes Apps On Demand – Certificate Issue"},"content":{"rendered":"\n

Horizon Suite 2212 is GA since last week and of course I already upgraded all my lab with this new release.<\/p>\n\n\n\n

I was particularly interested by the Application on Demand so directly manage App Volumes application on RDS with all entitlement done within the Horizon Console.<\/p>\n\n\n\n

The principle consist of adding App Volumes server in Horizon and then assign it to an “Automated” farm.<\/p>\n\n\n\n

Now when you add you App Volumes Server into Horizon, you’ll certainly need to import App Volumes certificates into the “Trusted Root Certification Authorities<\/strong>” folder and then restart Horizon Services on all you Connection Servers.<\/p>\n\n\n\n

Now even if doing that, you can encounter the following issue, with Enterprise signed certificate :<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I had this issue on my lab, so to get it solved, I had to generate a new certificate for my App Volumes server using a new Template.<\/p>\n\n\n\n

This is how to do it ….<\/p>\n\n\n\n\n\n\n\n

Open the Certification Authority mmc console, select Certificate Templates<\/em> then Manage<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Select “Web Server<\/em>” then Duplicate Template<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Use following settings :<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

This setting is very important because it’s the cause of the problem. You need both Client Authentication and Server Authentication<\/strong> (see : https:\/\/kb.vmware.com\/s\/article\/2095969<\/a>) <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

All others are defaults<\/p>\n\n\n\n

Once the new template is created, we need to make it “usable” : click “New” then “Certificate Template to Issue”<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

And select the new Template :<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

You can new generate a new certificate :<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Once you new certificate generated, you can export it as pfx and then convert it to PEM + Key using the OpenSSL<\/p>\n\n\n\n

#openssl.exe pkcs12 -in av-cert.pfx -nocerts -out av-cert.key.pem -nodes -password pass:<password>\n#openssl.exe pkcs12 -in av-cert.pfx -nokeys -out av-cert.pem -password pass:<password>\n#openssl.exe rsa -in av-cert.key.pem -out av-cert.key\n# del av-cert.key.pem<\/code><\/pre>\n\n\n\n
Next step, edit nginx.conf file (in c:\\Program Files (x86)\\Cloud Volumes\\Manager\\nginx\\conf), and change the certificate and key name as required.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Copy the certificate (but not the private key) to your Connections Servers and install it into the “Trusted Root Certification Authorities<\/strong>” store:<\/p>\n\n\n\n
\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"
Horizon Suite 2212 is GA since last week and of course I already upgraded all my lab with this new release. I was particularly interested by...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,2],"tags":[],"class_list":["post-335","post","type-post","status-publish","format-standard","hentry","category-app-volumes","category-horizon"],"_links":{"self":[{"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/posts\/335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/comments?post=335"}],"version-history":[{"count":2,"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/posts\/335\/revisions"}],"predecessor-version":[{"id":357,"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/posts\/335\/revisions\/357"}],"wp:attachment":[{"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/media?parent=335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/categories?post=335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/my-virt.alfadir.net\/index.php\/wp-json\/wp\/v2\/tags?post=335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}