Like most tech people, I like to build, destroy, rebuild and repeat. It’s what we do; it’s how we learn to do things. One of my latest deep-dives has been into Horizon View 7.X. A few years ago, I went down this path as well, and I bought a cert so that I could go through the setup.
Enter LetsEncrypt – Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. They provide certificates with a lifetime of 90 days and renewing a certificate is done within a couple of minutes, which is perfect for testing and home labs.
I started researching how I could use the LetsEncrypt certs with Horizon View and I couldn’t find much. Before we dive into how we make this happen, I first want to say that using LetsEncrypt with Windows isn’t the simplest thing to do, so I used a CentOS Linux box, which has a super small footprint for a cert generator. I’m not a Linux expert, so using and getting to know CentOS was also a learning experience.
So, in this article, I will go through the steps to get the cert, as well as applying them to Horizon View.
Installing LetsEncrypt
As mentioned above, I am using a CentOS machine to obtain the certs.
- Log into the CentOS machine as root
- First, we have to install and enable the EPEL repository
- Now, we can install certbot – certbot is just an application that goes out and gets the certs
- sudo yum install certbot
Now that we have Certbot configured, we can move on to requesting the certificate.
Request a Certificate
*Note: change the items in red to match your needs
- Run the following command on your Linux box.
- Agree to the ToS
- Decide if you want to share your email with LetsEncrypt
- Answer the question about “Are you ok with your IP being logged” as the IP requesting the cert
- Create a page on a web server with the challenge key to prove you own the site
- When the request has been validated, you will see a “CONGRATULATIONS”
- Browse to /etc/letsencrypt/live/site.domain.com/
- You will find the following files:
  - cert.pem → Server Certificate
  - chain.pem → Root and Intermediate Certs
  - fullchain.pem → Server, intermediate and root chain
  - privkey.pem → Private key for Server Certificate
Convert PEM to PFX with Private Key
- Copy the files listed above from your Linux box to a Windows box and use OpenSSL
- Run: openssl.exe pkcs12 -export -out view.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
- Then copy the resulting “view.pfx” file to your Horizon View server
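The conversion can also be done on the CentOS box itself, so the unencrypted privkey.pem never has to be copied to another machine. The script below is an added example, not part of the original post: it checks that the key matches the certificate, builds view.pfx with the friendly name vdm recorded in the file, and reads the PFX password from an exported PFX_PASS variable. The function names build_pfx and make_sample_dir, the PFX_PASS variable and the throwaway sample certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). build_pfx and make_sample_dir
# are hypothetical helper names.
# Usage: export PFX_PASS='...'; build_pfx /etc/letsencrypt/live/site.domain.com view.pfx

# build_pfx LIVE_DIR OUT_FILE
# The password comes from the exported PFX_PASS variable, so it does not
# show up in the process list the way "-passout pass:..." would.
build_pfx() {
    dir=$1; out=$2
    [ -n "$PFX_PASS" ] || { echo "export PFX_PASS first" >&2; return 2; }
    for f in cert.pem chain.pem privkey.pem; do
        [ -s "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 2; }
    done
    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout) || return 3
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match cert" >&2; return 3; }
    # The PFX holds the private key: create it readable by the owner only.
    ( umask 077
      openssl pkcs12 -export -out "$out" -name vdm \
          -inkey "$dir/privkey.pem" -in "$dir/cert.pem" \
          -certfile "$dir/chain.pem" -passout env:PFX_PASS ) || return 4
    # Re-open the file to confirm the password works and the name was stored.
    openssl pkcs12 -in "$out" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        grep -q 'friendlyName: vdm' || return 5
}

# Constructed sample input: throwaway self-signed certificates standing in for
# the files under /etc/letsencrypt/live/ (no real Let's Encrypt material).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=site.domain.com" \
        -keyout "$d/privkey.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    # A second, unrelated certificate plays the role of chain.pem; its key
    # (other.key) is kept so a mismatched-key case can be tried.
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=Sample CA" \
        -keyout "$d/other.key" -out "$d/chain.pem" 2>/dev/null || return 1
    echo "$d"
}
```

After importing a PFX built this way, check the friendly name in the Certificates snap-in before restarting the service.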
Adding the new Cert to the Connection/Security Servers
- The process to replace the certs on the Connection Server and Security Servers is the same: open MMC.exe -> File -> Add/Remove Snap-in… -> Select Certificates -> Add:
- Change the “friendly name” of the default certificate to something other than vdm
- Go through the import wizard and ensure you check the box to “Mark this key as exportable”
- Change the “Friendly Name” to vdm and restart the “VMware View Connection Server” service
Complete – Your View Connection Server is now using your 90-day LetsEncrypt certificate.