Before you run the Upload Pod Certificate workflow, verify that you have satisfied these prerequisites. You must have the certificate-related files as described below to satisfy the Upload Pod Certificate window's criteria and allow the workflow to successfully complete.

  • In your DNS server, map a fully qualified domain name (FQDN) to the IP address that is displayed in the pod's details page and which is labeled as Pod Manager Load Balancer IP. You can navigate to the pod's details page from the Capacity page and clicking on the pod's name. For the meaning of the IP address that is displayed next to the label Pod Manager Load Balancer IP, see Overview of Configuring SSL Certificates on the Horizon Cloud Pod's Manager VMs, Primarily For Use By the Workspace ONE Access Connector with Pods in a Single-Pod Broker Environment.
  • Obtain a valid trusted SSL certificate based on that FQDN. That SSL certificate must be the following format needed for you to provide it into the console's Upload Pod Certificate window. Because the console's Upload Pod Certificate workflow requires specific elements, you must ensure that this SSL certificate adheres to the following characteristics:
    • Three separate files for uploading into the Upload Pod Certificate window:
      • A CA.crt file for the CA certificate.
      • A SSL.crt file for your CA-signed SSL certificate.
      • A .key file for the RSA private key, labeled SSL Key File in the window.
    The following screenshot is an illustration of how the Upload Pod Certificate window looks where you provide those three files.
    Screenshot that illustrates the Upload Pod Certificate window with green arrows pointing to each location where a file gets added.

  • Ensure the CA certificate file and the SSL certificate files for this upload are in PEM format, which is a BASE64-encoded DER representation of an X.509 certificate. They must both have a .crt extension. When looking at their contents, these two files should look similar to the following example. 
    -----BEGIN CERTIFICATE----- 
MIIFejCCA2KgAwIBAgIDAIi/MA0GCSqG 
............... 
-----END CERTIFICATE-----
  • Ensure the private key is without a password or passphrase associated with it. The .key file looks like the following example: 
    -----BEGIN RSA PRIVATE KEY -----
MIIEpQIBAAKCAQEAoJmURboiFut+R34CNFibb9fjtI+cpDarUzqe8oGKFzEE/jmj
...................... 
-----END RSA PRIVATE KEY-----
  • Before running the Upload Pod Certificate workflow, if you earlier notified VMware Support that you do not want the pod to use the default Horizon Cloud pod backup and restore service, you should contact VMware Support to turn on the backup service for the pod. Because uploading and saving incorrect or improperly formed SSL certificate files to the pod can result in loss of access to the pod, ensuring a backup is available is highly recommended in case you lose access to the pod after uploading the certificate files. See Backup and Restore for Horizon Cloud on Microsoft Azure Deployments for information about the default backup and restore service. If your pod manifest version is lower than 1101, contact VMware Support to update your pod so that it can participate in the backup and restore service.

For steps used to configure the SSL certificate on the pod's manager VMs, see Configure SSL Certificates Directly on the Pod Manager VMs, Such as When Integrating the Workspace ONE Access Connector Appliance with the Horizon Cloud Pod in Microsoft Azure, So that Connector Can Trust Connections to the Pod Manager VMs.