What the Cert, AppVolumes 2.X and 4.X replacement

This next part assumes that the FQDN for AppVolumes Manager is part of the original CSR request. If you refer back to https://www.vbrit.net/certificates/what-the-cert you can see how I did this in the horizon_csr.cfg; scroll to the right on the subjectAltName line. It would be nice if all the certs used the same format, but they don't. I think I found a way to make this as painless as possible.


Topology

Who doesn't like pictures? As you can see, we are going to protect the AVM VIP and nodes.


Exporting the certificate

I am going to reuse the certificate that was installed on the Connection Server, export it, and then use OpenSSL to extract the cert and key into the required format. So, first RDP to the Connection Server. Open mmc, then select File, then "Add or Remove Snap-ins", and select Certificates.

Select Computer account and select Next, then Local Computer and Finish.

Open Personal, then Certificates, and select the Horizon certificate. It should have the friendly name vdm.

Select Export, Next. Select “Yes, export the private key”, Next

Select the following properties and select Next

Select the Password check box and assign a password, Next

Remember this password!

Save the certificate and name it avm.pfx. Move the cert to the computer that has OpenSSL, using the folder from before, i.e. C:\Certs\AVM

In this next part we extract the key from the exported PFX file in RSA format and then convert it to PEM.

Open an elevated command prompt and change to the OpenSSL bin folder. Enter the following command:

openssl pkcs12 -in C:\certs\avm\avm.pfx -nocerts -out C:\certs\avm\avm.key

Enter the password from the export when prompted, and use it again for the PEM pass phrase.

openssl rsa -in C:\certs\avm\avm.key -outform PEM -out C:\certs\avm\avm_pem.key

Now we export the certificate from the PFX and convert it to the correct format.

openssl pkcs12 -in C:\certs\avm\avm.pfx -clcerts -nokeys -out C:\certs\avm\avm.crt

Enter the password from above.

In the C:\certs\avm folder you should now see the generated files. We only care about avm.crt and avm_pem.key; copy these to the AppVolumes Manager.
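
An added check, not part of the original post: before copying the files, this PowerShell script confirms that avm.crt and avm_pem.key form a matching pair, that the AppVolumes Manager FQDN is in the subjectAltName, and that the certificate is not about to expire. It assumes openssl.exe is on the PATH, and the FQDN avm.example.local is a placeholder.

```powershell
# Added example: sanity checks on the files produced by the export steps above.
# Assumptions: openssl.exe is on PATH; $AvmFqdn is a placeholder value.
$Dir     = 'C:\certs\avm'
$Crt     = Join-Path $Dir 'avm.crt'
$Key     = Join-Path $Dir 'avm_pem.key'
$AvmFqdn = 'avm.example.local'   # placeholder: your AVM VIP or node FQDN

function Invoke-OpenSsl([string[]]$Arguments) {
    # Run openssl, return its stdout as one string, fail on a non-zero exit code.
    $out = & openssl $Arguments | Out-String
    if ($LASTEXITCODE -ne 0) { throw "openssl $($Arguments -join ' ') failed" }
    return $out.Trim()
}

# 1. The certificate and the private key must carry the same RSA modulus,
#    otherwise they are not a pair and the web server cannot use them together.
$crtMod = Invoke-OpenSsl 'x509', '-in', $Crt, '-noout', '-modulus'
$keyMod = Invoke-OpenSsl 'rsa',  '-in', $Key, '-noout', '-modulus'
if ($crtMod -ne $keyMod) { throw 'avm.crt and avm_pem.key do not belong together' }

# 2. The AVM FQDN must appear in subjectAltName (exact-name match only;
#    a wildcard entry is not evaluated here).
$text = Invoke-OpenSsl 'x509', '-in', $Crt, '-noout', '-text'
$san  = 'DNS:' + [regex]::Escape($AvmFqdn) + '(?=[,\s]|$)'
if ($text -notmatch $san) { throw "$AvmFqdn is not in the certificate's subjectAltName" }

# 3. Warn if the certificate expires within 30 days (-checkend exits 1 in that case).
& openssl x509 -in $Crt -noout -checkend (30 * 24 * 3600) | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning 'Certificate expires within 30 days' }

# 4. avm_pem.key is an unencrypted private key: list who can read it, and flag
#    the intermediate files that still contain the key so they can be removed.
(Get-Acl $Key).Access | Select-Object IdentityReference, FileSystemRights | Format-Table
foreach ($f in 'avm.pfx', 'avm.key') {
    if (Test-Path (Join-Path $Dir $f)) {
        Write-Warning "$f still holds the private key; delete it once the import is done"
    }
}
"Checks completed for $Crt"
```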


Import Certificate

Copy the certificates avm.crt & avm_pem.key to the following location on the AppVolumes Manager(s)

C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf

From the AppVolumes Manager, open an elevated command prompt and type notepad. This will open Notepad with the correct rights to edit the nginx.conf file and save it.

Edit the following lines to reflect the new names of the certificates.

It should look like this below; save the file.

Now restart the App Volumes Manager service for the new certificates to take effect.

Once the service has restarted you should see the padlock indicating the session is secure and the Certificate is trusted.

Hope this helps