VMware UAG and Horizon Broker Certificate Gotchas in 2020

YOU are the weakest link!

New year and some of my clients need to update their certificates for the new decade.  Here were some little issues we ran into while upgrading certificates on the Horizon Broker and the UAG Appliance.

The first certificate we upgraded was the certificate on the View Broker.  We all know that for the past 10 years, we’ve had to name the new certificate imported as ‘vdm’ for the connection service to use it.  But if you make those changes and then try to connect to your view admin webpage, you might get an error like below:


Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.

The quick and easy fix to this issue is to just re-export your PFX with its private key and then, on re-import, check the export private key option.  This will give the server the necessary pieces of the puzzle to provide clients with a secure connection end to end.

Now that the certificate is up to date and we can access the administrative console, it is time to move to the UAG portion of the connection.

Upgrading certificates in the UAG is very easy.  Inside the UAG interface, there is an option to upload certificates via the browser.  A couple of clicks and you will be on your way.  There is ONE additional step you will need to perform, though, if you want a successful connection between the UAG and the connection server.

You will need to update the thumbprint configuration in the UAG.

Under Horizon Settings, you will find an area to enter in your Thumbprint.

If you don’t know the thumbprint, you just need to launch a browser, navigate to the admin page and view the details of the certificate.  Under Thumbprint, you can just copy the text.  Remember to add in sha1= before pasting in the actual thumbprint.
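The thumbprint can also be computed from the certificate the connection server presents, and a value copied from a certificate dialog can be checked against it. The Python below is an added example, not part of the original post or of any VMware tooling; the function names, the space-separated output and the host name passed on the command line are assumptions.

```python
import hashlib
import re
import socket
import ssl
import sys


def thumbprint_from_der(der: bytes, sep: str = " ") -> str:
    """Return 'sha1=' plus the SHA-1 of the DER-encoded certificate."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return "sha1=" + sep.join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_pasted(text: str) -> str:
    """Reduce a pasted thumbprint to 40 upper-case hex digits.

    Drops an optional sha1= prefix first (its 'a' and '1' are hex digits),
    then spaces, colons and invisible characters such as U+200E that a
    certificate dialog can add when the value is copied.
    """
    text = re.sub(r"sha1\s*=", "", text, count=1, flags=re.IGNORECASE)
    hex_only = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(hex_only) != 40:
        raise ValueError(f"expected 40 hex digits, got {len(hex_only)}")
    return hex_only.upper()


def pasted_matches(pasted: str, der: bytes) -> bool:
    """True when the pasted value is the SHA-1 thumbprint of this certificate."""
    return normalize_pasted(pasted) == normalize_pasted(thumbprint_from_der(der))


def fetch_der(host: str, port: int = 443) -> bytes:
    """Read the server's leaf certificate as DER bytes.

    Chain validation is off because this only reads the certificate;
    compare the result with the certificate you installed before pinning it.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: python thumbprint.py <connection-server-host>  (host is a placeholder)
    print(thumbprint_from_der(fetch_der(sys.argv[1])))
```

If the UAG still fails to reach the connection server after the update, running `pasted_matches` on the value in the Horizon Settings field shows whether a stray character or a stale thumbprint is the cause.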

Bonus points if you can figure out whose thumbprint this is? :)

Happy New Year All!