OPERATIONAL DEFECT DATABASE
...
...
The VMware Unified Access Gateway certificate shows as untrusted on the Android Horizon ClientAndroid client logs show a certificate path issue: MM-DD HH:MM:SS D/VMwareViewActivity( 3116): Receiving certs error under mode 2, error string java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
The VMware Unified Access Gateway does not have the full chain in the pem or pfx file.
Replace the VMware Unified Access Gateway certificate with a full trusted chain in pem format or ensure to include all certs in chain when doing a pfx export. Prerequisites: Unless you already have a valid TLS/SSL server certificate and its private key, obtain a newly signed certificate from a Certificate Authority. When you generate a certificate signing request (CSR) to obtain a certificate, make sure that a private key is generated also. Do not generate certificates for servers using a KeyLength value under 1024.To generate the CSR, you must know the fully qualified domain name (FQDN) that client devices will use to connect to the Unified Access Gateway appliance and the organizational unit, organization, city, state, and country to complete the Subject name.Convert the certificate to PEM-format files and convert the .pem files to one-line format. See Convert Certificate Files to One-Line PEM Format. for details on creating a full chain pem certificate. Procedure: In the admin UI "Configure Manually Section", click Select. In the Advanced Settings > TLS Server Certificate Settings, click the gearbox icon. Click Select for the Private Key and browse to the private key file. Click Open to upload the file. Click Select for the Certificate Chain and browse to the certificate file. Click Open to upload the file. Click Save. If the certificate is accepted, a success message displays. The Keytool can be used to validate the pem file chain: # keytool -printcert -file certfile.pem | grep -i "owner\|sha1\|issuer:\|valid" What to do next: If the CA that signed the certificate is not well known, configure clients to trust the root and intermediate certificates Note: The directory of certificates that are shipped with Android devices will only be accurate for the current version of Android, and is updated when a new version of Android is released.
https://docs.vmware.com/en/Unified-Access-Gateway/3.1/com.vmware.uag-31-deploy-config.doc/GUID-EDC244DD-07AB-4841-A893-84ADF8D59838.html
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
