While playing with SSL certs on View servers I found one of my Connection servers would start all of its services, but not start listening on 443.
Note that netstat can be used to determine if something listening on 443:
C:Usersadministrator>netstat -ano |find "443" TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 3096 TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING 3320 TCP [::]:443 [::]:0 LISTENING 3096 TCP [::1]:443 [::1]:56154 ESTABLISHED 3096 TCP [::1]:443 [::1]:56155 ESTABLISHED 3096 TCP [::1]:56154 [::1]:443 ESTABLISHED 4188 TCP [::1]:56155 [::1]:443 ESTABLISHED 4188
Digging around in the View log I found:
ERROR (0DFC-0FBC) <Thread-1> [u] Couldn't create SSL socket factory for preferred protocol TLSv1.1: Private key is not exportable
Turns out, when you import the SSL cert you need to remember to check the “Mark this key as exportable” option:
Or you’ll run into this problem. To resolve find the certificate in Certificates (Local Computer)PersonalCertification, delete the old one and re-import.
Pingback: Updating SSL certificates on View Connection servers (SOS tech) | VMware News