VDI: no connection after installing certificate. - Technicalhelp: A Flexible Computing Service

This topic is empty.

Viewing 7 posts - 1 through 7 (of 7 total)

Author

Posts
June 18, 2013 at 10:49 am #7898
Mecallie
Member
- Total Post: 5
- Newbie
We are using WTOS 7.1_0122 on our V10L(E)/T10 terminals to connect to our VDI connection broker. We used to have a self signed certificate, users needed to “accept” the warning before they could connect to the connection broker.

After installing a wildcard certificate (*.domain.tld) from Thawte we cannot connect to the connection broker. It simply says the certificate is invalid and the root is untrusted. Even after installing the Thawte root and SSL intermediate certificates it still says the host name does not match and the root is not trusted.

How can I get our clients to connect using the new wildcard certificate? It is very annoying that a self signed certificate works, but a “real” certificate does not!
June 19, 2013 at 1:01 pm #23990
ConfGen
Keymaster
- Total Post: 10696
- Jedi Master
How did you import the new certificates to the unit? What format does the certs have?
Is the timeserver configured?

CG
June 21, 2013 at 12:55 pm #23999
Mecallie
Member
- Total Post: 5
- Newbie
@ConfGen wrote:

How did you import the new certificates to the unit? What format does the certs have?
Is the timeserver configured?

CG

The certificates where imported with the following lines in wnos.ini:
;AddCertificate=thawtePrimaryRootCA.cer
;AddCertificate=ThawteSSLCA.cer
;AddCertificate=ourwildcardcertificate.cer

However, it does not see the certification path. It says “certificate authority is incorrect” and “hostname does not match”. When I look at the certificate details I just see *.unigarant.nl and not the intermediate or the root certificates in the path…

When I look in the certificate store however, the path IS correct… 😕

The time is correct and updates from our domain controller.
June 22, 2013 at 2:28 pm #24000
ConfGen
Keymaster
- Total Post: 10696
- Jedi Master
Remove these certs, rename them to *.crt and reimport.

CG
June 24, 2013 at 6:20 am #24006
Mecallie
Member
- Total Post: 5
- Newbie
@ConfGen wrote:

Remove these certs, rename them to *.crt and reimport.

CG

Already tried that, does not work. I think ThinOS just does not support wildcard certificates yet. Does anyone have a wildcard certificate working?

I am thinking about creating a server called * . That way the hostname should be correct for *.ourdomain.nl 😉
June 26, 2013 at 6:31 am #24011
ConfGen
Keymaster
- Total Post: 10696
- Jedi Master
Missed that. You are right. Wildcard certs are not supported.

CG
June 26, 2013 at 9:30 am #24014
Mecallie
Member
- Total Post: 5
- Newbie
@ConfGen wrote:

Missed that. You are right. Wildcard certs are not supported.

CG

Strange thing is: it should be supported since _122, at least that is stated in the release notes…
Author

Posts

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.