Symptoms
The VMware Unified Access Gateway certificate shows as untrusted on the Android Horizon Client.
Android client logs show a certificate path issue:
MM-DD HH:MM:SS D/VMwareViewActivity( 3116): Receiving certs error under mode 2, error string java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Cause
The VMware Unified Access Gateway does not have the full chain in the pem or pfx file.
Resolution
Replace the VMware Unified Access Gateway certificate with a full trusted chain in PEM format, or make sure that all certificates in the chain are included when exporting a PFX file.
Prerequisites:
Unless you already have a valid TLS/SSL server certificate and its private key, obtain a newly signed certificate from a Certificate Authority. When you generate a certificate signing request (CSR) to obtain a certificate, make sure that a private key is also generated. Do not generate certificates for servers using a KeyLength value under 1024.
To generate the CSR, you must know the fully qualified domain name (FQDN) that client devices will use to connect to the Unified Access Gateway appliance, and the organizational unit, organization, city, state, and country to complete the Subject name.
Convert the certificate to PEM-format files and convert the .pem files to one-line format. See Convert Certificate Files to One-Line PEM Format for details on creating a full chain PEM certificate.
Procedure:
In the admin UI "Configure Manually" section, click Select.
In the Advanced Settings > TLS Server Certificate Settings, click the gearbox icon.
Click Select for the Private Key and browse to the private key file. Click Open to upload the file.
Click Select for the Certificate Chain and browse to the certificate file. Click Open to upload the file.
Click Save.
If the certificate is accepted, a success message displays.
The Keytool can be used to validate the pem file chain:
# keytool -printcert -file certfile.pem | grep -i "owner\|sha1\|issuer:\|valid"
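As an added example (not VMware code), the following Python sketch checks the condition described under Cause before upload: that the PEM file holds the server certificate followed by its issuer certificates, each one issued by the next. It assumes the file is ordered server certificate first, compares issuer and subject names byte for byte, and does not verify signatures or trust; `sample_pem` builds constructed skeleton inputs, not real certificates.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Decode one DER header at pos: return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = tlv(der, 0)        # Certificate ::= SEQUENCE
    _, pos, end = tlv(der, pos)    # TBSCertificate ::= SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:       # skip the optional [0] version field
        fields.pop(0)
    return fields[2][1], fields[4][1]  # order: serial, sigAlg, issuer, validity, subject

def chain_problems(pem_text):
    """List linkage problems in a PEM chain ordered server certificate first."""
    text = pem_text.replace("\\n", "\n")  # accept one-line PEM with literal \n
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(text)]
    if not names:
        return ["no certificates found"]
    problems = [f"certificate {i} was not issued by certificate {i + 1}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if len(names) == 1 and names[0][0] != names[0][1]:
        problems.append("only the server certificate is present; issuer certificates are missing")
    return problems

def sample_pem(issuer, subject):
    """Constructed test input: a DER skeleton with only the fields read above."""
    seq = lambda body, tag=0x30: bytes([tag, len(body)]) + body
    tbs = seq(seq(b"\x01", 0x02) + seq(b"") + seq(issuer.encode())
              + seq(b"") + seq(subject.encode()))
    b64 = base64.b64encode(seq(tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    leaf = sample_pem("CN=Constructed Issuing CA", "CN=uag.example.test")
    inter = sample_pem("CN=Constructed Root CA", "CN=Constructed Issuing CA")
    print(chain_problems(leaf), chain_problems(leaf + inter))
```

An empty list means every certificate in the file links to the next one; a leaf-only file is the case that produces the "Trust anchor for certification path not found" symptom above.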
What to do next:
If the CA that signed the certificate is not well known, configure clients to trust the root and intermediate certificates.
Note: The directory of certificates that are shipped with Android devices will only be accurate for the current version of Android, and is updated when a new version of Android is released.
Related Information
https://docs.vmware.com/en/Unified-Access-Gateway/3.1/com.vmware.uag-31-deploy-config.doc/GUID-EDC244DD-07AB-4841-A893-84ADF8D59838.html