Tuesday, August 7, 2012

Teradici PCoIP Firmware 4.x GoDaddy.com Certificate issues

I came across an interesting issue with a GoDaddy.com certificate. As described in previous posts you need to upload your Root and Intermediate certificates to the PCoIP devices connecting to VIEW. If you do not you'll see an error message when connecting to your connection servers saying "the certificate is not rooted". Typically when you see this message all you have to do is locate the intermediate and rootCA that signed your broker certificate and upload it, however people are seeing issue with some intermediate/root CA's. I think that these messages in the thin client log are the link to the problem;

08/06/2012, 16:15:25> LVL:1 RC:-510 X509_UTIL :get_issuer() failed!

08/06/2012, 16:15:25> LVL:1 RC:-510 MGMT_CERT :ERROR: tera_x509_util_get_tree failed for certificate 1

08/06/2012, 16:15:25> LVL:1 RC:-510 MGMT_CERT :ERROR: certificate is not valid (tera_mgmt_cert_add_certificate_by_index)

08/06/2012, 16:15:25> LVL:1 RC:-510 MGMT_CMI :ERROR: tera_mgmt_cert_add_certificate failed!

08/06/2012, 16:15:26> LVL:2 RC: 0 GSOAP :SOAP 1.2 fault: SOAP-ENV:Sender [no subcode]

08/06/2012, 16:15:26> LVL:2 RC: 0 GSOAP :"Failed to add certificate to certificate store" Detail: [no detail]

08/06/2012, 16:15:26> LVL:0 RC: 12 MGMT_CMI :Error serving SOAP request!

It appears that the Teradici Firmware is expecting content in certain fields of the Certificate, and GoDaddy is not providing them in this case. In fact when you upload the godaddy cert to the teradici management appliance they look incomplete compared to a verisign, as you can see in the image below



After a bit of research I've found that this is a known issue with the 4.x release of the PCoIP firmware. You can find the KB article here. The issue is not limited to just Godaddy Certs, a VMware Community article found here shows others having this issue with other cert vendors. The community article also contains the fix, which is opening a ticket with Teradici Support. Apparently the only way to resolve this is using a Release Candidate of the next firmware revision.
Posted by at
Labels: , , ,

3 comments:

  1. JACKDecember 17, 2020 at 5:15 AM

    Thank you so much for such a well-written article. It’s full of insightful information. Your point of view is the best among many without fail.For certain, It is one of the best blogs in my opinion. godaddy workspace login

    ReplyDelete
  2. JACKDecember 17, 2020 at 5:18 AM

    I have read your article couple of times because your views are on my own for the most part. It is great content for every reader. godaddy workspace login

    ReplyDelete
  3. sameerJuly 30, 2021 at 6:14 AM

    Thank you for some other informative website. The place else may just I get that kind of information written in such a perfect method? I have a venture that I am simply now running on, and I’ve been at the glance out for such info. https://onohosting.com/

    ReplyDelete

Subscribe to: Post Comments (Atom)