Updating SSL certificates on View Connection servers

Posted on July 22, 2013 by josh@sostechblog.com

While playing with SSL certs on View servers I found one of my Connection servers would start all of its services, but not start listening on 443.

Note that netstat can be used to determine if something listening on 443:

C:Usersadministrator>netstat -ano |find "443"
 TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 3096
 TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING 3320
 TCP [::]:443 [::]:0 LISTENING 3096
 TCP [::1]:443 [::1]:56154 ESTABLISHED 3096
 TCP [::1]:443 [::1]:56155 ESTABLISHED 3096
 TCP [::1]:56154 [::1]:443 ESTABLISHED 4188
 TCP [::1]:56155 [::1]:443 ESTABLISHED 4188

Digging around in the View log I found:

ERROR (0DFC-0FBC) <Thread-1> [u] Couldn't create SSL socket factory for preferred protocol TLSv1.1: Private key is not exportable

Turns out, when you import the SSL cert you need to remember to check the “Mark this key as exportable” option:

Or you’ll run into this problem. To resolve find the certificate in Certificates (Local Computer)PersonalCertification, delete the old one and re-import.

This entry was posted in Computing, Virtualization, VMware and tagged Horizon, SSL, troubleshoot, vdi, View. Bookmark the permalink.

One Response to Updating SSL certificates on View Connection servers

Pingback: Updating SSL certificates on View Connection servers (SOS tech) | VMware News

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.