Adding Certificates to App Volumes
Some key notes I jotted down while updating some App Volume servers (v2.14) with Certificates generated by an internal Microsoft Certificate Authority. Getting proper certificates on the App Volume and Horizon Broker servers are critical to being able to use the JMP frameworks. VMware does have a KB article talking about it but it’s missing a key step unfortunately. After replacing the certificates in the NGINX folder, you need to modify the NGINX.CONF file. Thankfully, another blogger had run across this LAST YEAR and had documented. Eventually VMware KB will be updated. 😉
VMware KB: https://kb.vmware.com/s/article/2095969
ITUDA blog post: https://www.ituda.com/app-volumes-replacing-app-volumes-manager-certificates/
Unlike the Connection Servers which require a ‘vdm’ friendly name, once the NGINX file is modified on the App Volumes server, it is good to go. In our load balanced scenario, we added the LB’d URL as well as the local machine names as alternate names in the certificate. You will have to track down a Linux box to run OPENSSL to create the necessary CRT and KEY files but other than that, very straight forward.
We had talked about the idea of just replacing the appvol_self_vmware.com.* files but chose to follow the steps in the KB to make sure it was apparent that we had updated the certs from the Self-Signed and also to make sure future upgrades or reconfigurations would not have overwritten our legit certificates.