VMware JMP Replace SSL Certificate and Import Horizon Certificate

/ January 8, 2019/ VMware Horizon

Hello Everyone, Just a small blog about how you can change the default certificate on the JMP server and how you can import the Horizon certificate. The last step is necessary otherwise you will get the following error “This Horizon certificate is missing on the JMP server” while adding the JMP server in the horizon console.

What do we need?;

SSL Certificate with a private Key ( Make private key exportable, must be set )
A tool to convert the certificate, in my case I will use the tool “OpenSSL for windows“

The following process must be proceed

  • Use OpenSSL for converting the .PFX to .crt and key file
  • Copy the .key and .crt file to the JMP directory
  • Edit the NGINX config file on the server

OpenSSL, Convert PFX to .key and .crt

Before copy/paste the certificate we need to convert the .PFX into a .Crt and .Key file.
I used the following openssl command;

  • openssl pkcs12 -in C:\Temp\JMP\JMP01.pfx -clcerts -nokeys -out C:\Temp\JMP\JMP01.crt
  • openssl pkcs12 -in C:\Temp\JMP\JMP01.pfx -out C:\Temp\JMP\JMP01.key -nodes

Edit the NGINX config file on the server

  • Before editing the NGINX config file, copy/paste the .Crt and .Key file created in the previous step to the folder “C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf”
  • Stop the “JMP” services in the following order
    • VMware JMP API Service
    • VMware JMP File Share Service
    • VMware JMP Platform Services
  • Open the “nginx.conf” file in the folder C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf
  • Search for the following “ssl_certificate”
  • Edit the property “SSL_Certificate” and “ssl_certificate_key” changed it to the new certificate name.
    • ssl_certificate ;         jmp01.crt;
    • ssl_certificate_key;  jmp01.key;
  • Start the services.

Verify if you can reach the JMP server on https.

Add the JMP server in the Horizon Console “horizon certificate is missing”

While adding the JMP server, i received as aspect the following error “This Horizon certificate is missing on the JMP server”

  • Export the Horizon certificate from one of the connection brokers or grab the certificate from your backup/file location.
  • Use openssl for converting the .PFX file to a .pem file
    “openssl pkcs12 -in C:\Temp\JMP\werkplek.breugel.local.pfx -out C:\Temp\JMP\horizon.cert.pem -nodes”
  • Copy/paste the Horizon.cert.pem file to the following folder on the server “C:\Program Files (x86)\VMware\JMP\com”

Please try to make the connection again.

 

 

 

Leave a Comment

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>
*
*