VMware App Volumes Replace SSL Certificate
Hello Everyone, Just a small blog about how you can change the default certificate on the App Volumes server. Instead of changing the certificate on the Horizon Connection brokers, it needs more steps to do and can be for the first time quite complex.
First of all, why do we need to change the default certificate and can you used port 80 instead? While doing the installation of the App Volumes manager by default the installer will used port 443 for the communication between the agent and the server. If you got reasons to enable port 80 instead of 443 ( test environments ) you can select the box (Allow Connections over HTTP )
* after the installation, it is possible to change the used protocol from 443 to 80 and reverse *
What do we need?;
- SSL Certificate with a private Key ( Make private key exportable, must be set )
- A tool to convert the certificate, in my case I will use the tool “OpenSSL for windows“
The following process must be proceed
- Import the SSL certificate to the App Volumes Manager server.
- Use OpenSSL for doing the export to .key and .crt
- Copy the .key and .crt file to the appvolumes directory
- Edit the NGINX config file on the server
OpenSSL, Convert PFX to .key and .crt
After copy/paste the SSL certificate to the server, we need to convert the .PFX file to a key and certificate file.
- C:\OpenSSL-Win64\bin>openssl pkcs12 -in C:\Temp\SSL\Appv01.Breugel.local.pfx -clcerts -nokeys -out C:\Temp\SSL\Appv01.Breugel.local.crt
- C:\OpenSSL-Win64\bin>openssl pkcs12 -in C:\Temp\SSL\Appv01.Breugel.local.pfx -out C:\Temp\SSL\Appv01.Breugel.local.key -nodes
After converting the Cert, we’ve got three certificates. In the next step we need only the .Crt and .Key file.
Edit the NGINX config file on the server
- Before editing the NGINX config file, copy/paste the .Crt and .Key file created in the previous step to the folder “C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf”
- Stop the “App Volumes Manager” service
- Open the “nginx.conf” file in the folder C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf
- Search for the following “ssl_certificate”
- Edit the property “SSL_Certificate” and “ssl_certificate_key” changed it to the new certificate name.
- ssl_certificate ; Appv01.Breugel.local.crt;
- ssl_certificate_key; Appv01.Breugel.local.key;
- Save the Config file and start the “App Volumes Manager” service
After starting the service, check if the right certificate has been used.
Changing the default certificate on the VMware App Volumes can be done in a few steps. to speedup this process make sure that you’ve got a SSL certificate with a private key and the openssl tool for doing the converting.
Good Luck with changing the certificate!