What the Cert, AppVolumes 2.X and 4.X replacement
This next part assumes that the FQDN for AppVolumes Manager is part of the original CSR request. If you refer back to https://www.vbrit.net/certificates/what-the-cert you can see how I did this in the horizon_csr.cfg, scroll to the right on the subjectAltName line. It would be nice if all the certs used the same format but they don’t but I think I found a way to make this as painless as possible.
Topology
Who doesn’t like pictures, as you can see we are going to protect the AVM VIP and Nodes.
Exporting the certificate
I am going to reuse the certificate that was installed on the Connection Server, Export it and then use OpenSSL to extract the cert and Key into the required format. So, first RDP to the Connection Server. Open mmc then select File then “Add or Remove Snap-ins” and select Certificates.
Select Computer account and select Next, Local Computer and Finish
Open the Personal, Certificates and select the Horizon Certificate. Should have the Friendly name vdm.
Select Export, Next. Select “Yes, export the private key”, Next
Select the following properties and select Next
Select the Password check box and assign a password, Next
Remember this password!
Save the Certificate and name it avm.pfx. Move the cert to the computer that has OpenSSL and using the folder from before. i.e. C:\Certs\AVM
This next part we extract the key from the exported PFX file in RSA format and then convert it to PEM
Open and elevated command prompt and change to the OpenSSL bin folder. Enter the following command
Enter the password from the Export and use it again in the PEM pass phrase.
Now we export from the PFX and convert to the correct format.
In the C:\certs\avm folder you should see. We only care about avm.crt and avm_pem.key, copy these to the AppVolumes Manager
Import Certificate
Copy the certificates avm.crt & avm_pem.key to the following location on the AppVolumes Manager(s)
C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf
From the AppVolumes Manager, open an elevated Command prompt and type notepad. This will open Notepad with the correct right to edit the nginx.conf file and save.
Edit the following lines to reflect the new names of the certificates.
It should look like this below, save the file
Now restart the App Volumes Manager Service for the new Certificates to take effect
Once the service has restarted you should see the padlock indicating the session is secure and the Certificate is trusted.
Hope this helps