Unsolved
This post is more than 5 years old
7 Posts
0
60474
WYSE P20 Certificate Installation Error
WYSE P20 Certificate Installation Error
Hi
We are using WYSE P20 clients in a View 4.6 environment. We are wanting to upgrade to the latest version of VIEW and as a prerequisite, get root certificates working on the WYSE P20.
We are using VIEW within our internal network space only, so the best option for us is to install on to the P20s the root certificate generated by our MS Windows Domain Controller.
We have exported the certificated as both a DER- and/or Base64-encoded .CER file, renamed that file with a .PEM extention and tried to re-apply the Policy to the P20's, but cannot make this work.
The error message we are seeing is as follows:
02/23/2013, 13:17:18> LVL:1 RC:-501 X509_UTIL validate_pem_cert): Certificate length is not divisible by 4! [len = 1]
02/23/2013, 13:17:18> LVL:1 RC:-501 X509_UTIL tera_x509_util_is_valid): PEM certificate is invalid!
02/23/2013, 13:17:18> LVL:2 RC: 0 GSOAP :SOAP 1.2 fault: SOAP-ENV:Sender [no subcode]
02/23/2013, 13:17:18> LVL:2 RC: 0 GSOAP :"rootCertificate is invalid!" Detail: [no detail]
02/23/2013, 13:17:18> LVL:0 RC: 12 MGMT_CMI :Error serving SOAP request!
Unfortunately this is a *major* issue for us because it is actively preventing us from upgrading VIEW. If we cannot resolve the issue, we will have no choice other than to dump the P20's altogether and find alternative hardware.
Can anyone advise as to whether there is a working solution for getting "self-signed" (i.e. non-Public) Root certificates working on these devices?
Any advice gratefully received
thx
Robert
robertellis3
7 Posts
0
May 13th, 2015 06:00
In order to try to troubleshoot this issue, we have:
* Export (from a standard XP Workstation) a VERISign Public Root Certificate in X509 DER format, and tried to apply it to a test P20 unit;
* Export (from a standard XP Workstation) a VERISign Public Root Certificate in X509 Base64 format, and tried to apply it to a test P20 unit;
* Export (from a standard XP Workstation) a VERISign Public Root Certificate in X509 DER format, converted to UTF8 encoding, and tried to apply it to a test P20 unit;
* Export (from a standard XP Workstation) a VERISign Public Root Certificate in X509 Base64 format, converted to UTF8 encoding, and tried to apply it to a test P20 unit.
In all cases, we receive the same error as for using the Root Certificate generated by our Win CA.
So, we are moving toward the conclusion that this is less a problem specific to our Certificate and more of a problem with the P20 units. There is clearly a fundamental flaw if the devices will not successfully upload genuine, public root certificates as issued by the likes VeriSign.
More to follow...
robertellis3
7 Posts
0
May 13th, 2015 06:00
If anyone has thoughts or can help with this I'd be very grateful. Anyone ??
robertellis3
7 Posts
0
May 28th, 2015 04:00
Once you upgrade the firmware on your devices to FW 4.0.2, you get an additional option to upload a Certificate through the Web Interface Of the actual device (rather than uploading a certificate to a policy on the management device and then deploying it)
If using the Web Interface of the individual device, the following certificates WILL upload successfully when exported from an XP workstation:
VeriSign Root Certificate X509 Base64
VeriSign Root Certificate X509 Base64 UTF-8
Anything in DER-format will NOT upload.
More to follow...
robertellis3
7 Posts
0
June 1st, 2015 06:00
Once you upgrade the firmware on your devices to FW 4.0.2, you get an additional option to upload a Certificate through the Web Interface Of the actual device (rather than uploading a certificate to a policy on the management device and then deploying it)
**A Certificate issued by a Win CA will also upload successfully if exported in Base64 format, provided you upload it on each P20 device individually using the Web Interface **
forbsy
4 Posts
0
June 1st, 2015 07:00
1) Install 4.0.2 Teradici firmware on all your P20's.
2) Install a new PcOIP Management Console. I believe this error is due to some kind of corruption in the Management Console. Scrapping the existing MC and starting over resolved the Issue.
Good luck.
Hi. I've installed the latest Teradici firmware 4.1.X and uploaded the trusted certificate via the Administrative Web Interface (AWI). I still get the following error:
Failed to connect. The server provided a certificate that is invalid. See below for details: The supplied certificate is not rooted in the device's local certificate store.
It doesn't seem that using the AWI correctly uploads the trusted cert to the device certificate store. I've downloaded and installed the PCoIP Management Console, but don't understand how to use it to properly discover my devices and subsequently upload the cert to the certificate store. Would you be able to supply instructions?
Thanks
robertellis3
7 Posts
0
June 1st, 2015 07:00
Resolution
If you encounter the error detailed in my OP, here is the resolution
1) Install 4.0.2 Teradici firmware on all your P20's.
2) Install a new PcOIP Management Console. I believe this error is due to some kind of corruption in the Management Console. Scrapping the existing MC and starting over resolved the Issue.
Good luck.
Cornerstone-201
2 Posts
0
June 1st, 2015 07:00
I did get through this issue with robertellis3's solution. To add some details here's what I did.
-On my View Connection Server I went into Internet Explorer -Content - Certificates and exported the following certificates in Base64
Intermediate Cert Authorities certificate from my internal CA
Trusted Root Certification Authorities from my internal CA
-I then renamed the certs with a .PEM extension and uploaded them both to the individual P20 through its own internal web mgmt console.
Just out of curiosity I uploaded the Intermediate cert first and tried to connect and HTTPS was still red and crossed out. I then uploaded the Trusted Root cert and HTTPS is now in green and not x'd out. Thanks much robert!