vthistle.com


VMware Horizon View & LetsEncrypt

January 17, 2018 By Dave

Like most tech people, I like to build, destroy, rebuild and repeat. It’s what we do; it’s how we learn to do things. One of my latest deep-dives has been into Horizon View 7.X. A few years ago, I went down this path as well, and I bought a cert so that I could go through the setup.

Enter LetsEncrypt – Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. They provide certificates with a lifetime of 90 days and renewing a certificate is done within a couple of minutes, which is perfect for testing and home labs.

I started researching how I could use the LetsEncrypt certs with Horizon View and I couldn’t find much. Before we dive into how we make this happen, I first want to start out by saying that using LetsEncrypt with Windows isn’t the simplest thing to do, so I used a CentOS Linux box – super small footprint for a cert generator. I’m not a Linux expert, so using and getting to know CentOS was also a learning experience.

So, in this article, I will go through the steps to get the certs, as well as applying them to Horizon View.

Installing LetsEncrypt

As mentioned above, I am using a CentOS machine to obtain the certs.

  • Log into the CentOS machine as root
  • First, we have to install and enable the EPEL repository
    • sudo yum install epel-release
  • Now, we can install certbot – certbot is just an application that goes out and gets the certs
    • sudo yum install certbot

Now that we have Certbot installed, we can move on to requesting the certificate.

Request a Certificate

*Note: change the example values in the command (the email address and the domain name) to match your needs

  1. Run the following command on your Linux box.
    • certbot certonly --manual --email xxxx@gmail.com -d server.vthistle.net --rsa-key-size 2048
  2. Agree to the ToS
  3. Decide if you want to share your email with LetsEncrypt
  4. Answer the question about “Are you ok with your IP being logged” as the IP requesting the cert
  5. Create a page on a web server with the challenge key to prove that you own the site

  6. When the request has been validated, you will see a “CONGRATULATIONS“
  7. Browse to /etc/letsencrypt/live/site.domain.com/
    1. You will find the following files:
      • cert.pem --> Server Certificate
      • chain.pem --> Root and Intermediate Certs
      • fullchain.pem --> Server, intermediate and root chain
      • privkey.pem --> Private key for Server Certificate

Convert PEM to PFX with Private Key

  1. Copy the files listed above from your Linux box to a Windows box and use OpenSSL
  2. Run: openssl.exe pkcs12 -export -out view.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
  3. Copy the resulting “view.pfx” file to your Horizon View Server, where you will import it
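
The conversion step above, run on the Linux box itself and preceded by two checks: that privkey.pem really belongs to cert.pem, and that the certificate has at least 30 days left of its 90-day lifetime. This is an added example, not part of the original post; the function names, the PFX_PASS variable and the 30-day threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check certbot's output
# before packaging it as a PFX. Function names, PFX_PASS and the 30-day
# threshold are assumptions made for this sketch.

# Succeeds only if the private key belongs to the certificate: both files
# must yield the same public key.
key_matches_cert() {   # usage: key_matches_cert cert.pem privkey.pem
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeeds if the certificate is still valid N days from now.
cert_valid_for() {     # usage: cert_valid_for cert.pem days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Build the PFX from a certbot "live" directory. The export password is read
# from the exported PFX_PASS variable so it is not typed on the command line.
build_view_pfx() {     # usage: build_view_pfx live_dir out.pfx
    local dir="$1" out="$2"
    [ -n "${PFX_PASS:-}" ] || { echo "export PFX_PASS first" >&2; return 1; }
    key_matches_cert "$dir/cert.pem" "$dir/privkey.pem" ||
        { echo "privkey.pem does not match cert.pem" >&2; return 1; }
    cert_valid_for "$dir/cert.pem" 30 ||
        { echo "cert.pem expires within 30 days; renew first" >&2; return 1; }
    ( umask 077   # the PFX holds the private key: owner-only permissions
      openssl pkcs12 -export -out "$out" -inkey "$dir/privkey.pem" \
          -in "$dir/cert.pem" -certfile "$dir/chain.pem" \
          -passout env:PFX_PASS ) || return 1
    # Re-open the result to confirm the password and integrity check pass.
    openssl pkcs12 -in "$out" -noout -passin env:PFX_PASS 2>/dev/null
}

# Stand-alone use: ./script.sh /etc/letsencrypt/live/<your-domain> view.pfx
if [ "$#" -eq 2 ]; then
    build_view_pfx "$1" "$2"
fi
```

The password exported in PFX_PASS is the one the Windows import wizard asks for.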

Adding the new Cert to the Connection/Security Servers

  1. The process to replace the certs on the Connection Server and Security Servers is the same: open MMC.exe -> File -> Add/Remove Snap-in… -> Select Certificates -> Add:
  2. Change the “friendly name” of the default certificate to something other than vdm
  3. Go through the import wizard and ensure you check the box to “Mark this key as exportable“
  4. Change the “Friendly Name” to vdm and restart the “VMware View Connection Server” service

Complete – Your View Connection Server is now using your 90-day LetsEncrypt certificate.

Filed Under: Horizon View, Lab, vExpert, VMware Tagged With: Homelab, Horizon View, LetsEncrypt, vmware
