Horizon Certificates to be used after legacy Connector migration from 19.03/19.03.0.1 to 22.09 (22.0x)

Posted byNavjyot Singh ChaneyPosted inGeneral, VMware Horizon, Workspace ONE AccessTags:, , ,

Introduction

Migration of legacy connectors to 22.0x is a separate topic all together and if you’re interested in knowing more about it, kindly check the VMware Document here.

This blog covers the use of Horizon Certificates post migration. If your use case has Horizon Virtual apps collection, make sure the connection servers or the Horizon cloud tenant’s servers have a valid certificate signed by a CA. You will have to upload the certificate chain to the connectors instances on which the Virtual app service will run. This is done to establish the trust between the connectors and the Horizon instance. This is a new requirement starting with Workspace ONE Access connector 21.08.

Assumption

The connectors have been migrated and all the services are up and running on the server. You will see an additional Kerberos service below if you choose to install it.

What to upload

You should use the exact same certificates that were uploaded here to establish the trust between the connectors and your Horizon instance

In order to do that, you would first have to navigate to the Horizon Console–>Capacity–>upload Pod Certificates. These are the exact same certificates, you would have to upload on the connector servers, in .PEM format by running the connector installer again. I’ve removed the sensitive information from this image but you should see additional information like “Location” and “Pod Manager Load Balancer IP” details in your environment.

Process to Upload the Certificates

Steps:

  1. Go to the folder location where you have the connector installer. In this case, I am using version 22.09.1
  2. Right Click and run the installer as an Admin
  3. Hit Next

4. Choose “Add/Remove Services”

5. Hit Next or Modify if needed

6. Enable Proxy if required

7. Enable Syslog if required

8. Modify Citrix configuration if needed

9. Upload the Trusted Root Certificates here.

10. Proceed with other prompts and on the summary page, hit install.

Conclusion

You should be able to successfully sync the Virtual apps. If you still run into issues, I’d strongly suggest to re-verify the uploaded certificates.

The idea is to establish the trust between the two servers. Once the trust is established, the sync will work perfectly. I had a hard time figuring out the right certificates but doing some research and talking to the right folks helped me.

Hope this helps!

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: