VMware EUC Access Point Single Line PEM

VMware has greatly increased the usefulness of the EUC Access Point with the 2.7.2 version. Included in this version is the ability to handle the Horizon View security server functionality, airwatch functionality including per-app VPN and identity manager reverse proxy.

During the Horizon View setup pieces, there is a requirement to install your SSL certificate and key in a single line. With many guides on the internet showing different ways of accomplishing this, the one way that worked successfully for me each time is the method in the Deploying and Configuring Access Point guide on the VMware website.

To convert from pkcs12 to pem:

openssl pkcs12 -in mycaservercert.pfx -nokeys -out mycaservercert.pem
openssl pkcs12 -in mycaservercert.pfx -nodes -nocerts -out mycaservercert.pem
openssl rsa -in mycaservercertkey.pem -check -out mycaservercertkeyrsa.pem

Open the pem files and remove any unnecessary lines and then run the following command for both the RSA key and the certificate chain.

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' cert-name.pem

Each of these outputs will then be uploaded in JSON format to the EUC access point

Using postman, do a put using the following link to your access point appliance. Replace “string” with the single line output from the above awk command for the RSA file and the certificate chain.

https://FQDN or IP of EUC Access Point:9443/rest/v1/config/certs/ssl

{
  "privateKeyPem": "string",
  "certChainPem": "string"
}

If all works successfully, you will see the new settings displayed in the bottom output section and status 200 ok displayed as well