The View Connection Server instance or security server that has the smart card connected cannot perform certificate revocation checking on the server's SSL certificate unless you have configured smart card certificate revocation checking.

Problem

Certificate revocation checking might fail if your organization uses a proxy server for Internet access, or if a View Connection Server instance or security server cannot reach the servers that provide revocation checking because of firewalls or other controls.

Important:

Make sure the CRL file is up to date.

View supports certificate revocation checking with certificate revocation lists (CRLs) and with the Online Certificate Status Protocol (OCSP). A CRL is a list of revoked certificates published by the CA (Certificate Authority) that issued the certificates. OCSP is a certificate validation protocol that is used to get the revocation status of an X.509 certificate. The CA must be accessible from the View Connection Server or security server host. This issue can only occur if you configured revocation checking of smart card certificates. See Using Smart Card Certificate Revocation Checking.

Procedure

  1. Create your own (manual) procedure for downloading an up-to-date CRL from the website of the CA you use to a path on your View server.
  2. Create or edit the locked.properties file in the SSL gateway configuration folder on the View Connection Server or security server host.

    For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties

  3. Add the enableRevocationChecking and crlLocation properties to the locked.properties file, with crlLocation set to the local path where the CRL is stored.
  4. Restart the View Connection Server service or security server service to make your changes take effect.
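
A freshness check that the download procedure from step 1 could run before it replaces the file that crlLocation points to, so that an expired CRL is never put in place. This is an added example, not VMware code. The function names and the sample CRL are constructed for illustration, and the check reads only the thisUpdate and nextUpdate fields without verifying the CRL signature.

```python
import base64
from datetime import datetime, timedelta, timezone

def _tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def _time(tag, value):
    text = value.decode("ascii")
    if tag == 0x17:  # UTCTime has a 2-digit year; RFC 5280: >= 50 means 19YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_validity(data):
    """Return (thisUpdate, nextUpdate or None) from a DER or PEM X.509 CRL."""
    if data.lstrip().startswith(b"-----BEGIN X509 CRL-----"):
        data = base64.b64decode(b"".join(data.strip().splitlines()[1:-1]))
    tag, cert_list, _ = _tlv(data, 0)
    tbs_tag, tbs, _ = _tlv(cert_list, 0)
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 CertificateList")
    times, pos = [], 0
    while pos < len(tbs):  # the only top-level Time fields: thisUpdate, nextUpdate
        tag, value, pos = _tlv(tbs, pos)
        if tag in (0x17, 0x18):
            times.append(_time(tag, value))
    if not times:
        raise ValueError("CRL has no thisUpdate field")
    return times[0], (times[1] if len(times) > 1 else None)

def crl_is_current(data, now, margin=timedelta(0)):
    """True only if thisUpdate <= now and nextUpdate is more than margin away."""
    this_update, next_update = crl_validity(data)
    return next_update is not None and this_update <= now < next_update - margin

def _der(tag, content):  # encoder for the constructed sample only (short lengths)
    return bytes([tag, len(content)]) + content

# Constructed, unsigned sample: version, empty algorithm and issuer, two UTCTimes.
SAMPLE_CRL = _der(0x30, _der(0x30, _der(0x02, b"\x01") + _der(0x30, b"") * 2
                  + _der(0x17, b"240101000000Z") + _der(0x17, b"240108000000Z")))
```

Passing a margin such as timedelta(days=1) makes the check fail early enough to fetch a new CRL before the current one lapses.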