- This topic is empty.
-
AuthorPosts
-
June 18, 2013 at 10:49 am #7898
We are using WTOS 7.1_0122 on our V10L(E)/T10 terminals to connect to our VDI connection broker. We used to have a self signed certificate, users needed to “accept” the warning before they could connect to the connection broker.
After installing a wildcard certificate (*.domain.tld) from Thawte we cannot connect to the connection broker. It simply says the certificate is invalid and the root is untrusted. Even after installing the Thawte root and SSL intermediate certificates it still says the host name does not match and the root is not trusted.
How can I get our clients to connect using the new wildcard certificate? It is very annoying that a self signed certificate works, but a “real” certificate does not!
June 19, 2013 at 1:01 pm #23990How did you import the new certificates to the unit? What format does the certs have?
Is the timeserver configured?CG
June 21, 2013 at 12:55 pm #23999@ConfGen wrote:
How did you import the new certificates to the unit? What format does the certs have?
Is the timeserver configured?CG
The certificates where imported with the following lines in wnos.ini:
;AddCertificate=thawtePrimaryRootCA.cer
;AddCertificate=ThawteSSLCA.cer
;AddCertificate=ourwildcardcertificate.cerHowever, it does not see the certification path. It says “certificate authority is incorrect” and “hostname does not match”. When I look at the certificate details I just see *.unigarant.nl and not the intermediate or the root certificates in the path…
When I look in the certificate store however, the path IS correct… 😕
The time is correct and updates from our domain controller.
June 22, 2013 at 2:28 pm #24000Remove these certs, rename them to *.crt and reimport.
CG
June 24, 2013 at 6:20 am #24006@ConfGen wrote:
Remove these certs, rename them to *.crt and reimport.
CG
Already tried that, does not work. I think ThinOS just does not support wildcard certificates yet. Does anyone have a wildcard certificate working?
I am thinking about creating a server called * . That way the hostname should be correct for *.ourdomain.nl 😉
June 26, 2013 at 6:31 am #24011Missed that. You are right. Wildcard certs are not supported.
CG
June 26, 2013 at 9:30 am #24014 -
AuthorPosts
- You must be logged in to reply to this topic.