Certificates in Firefox not detected by VMWare Horizon Client

Questions about applications and software
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
minttasticy
Level 1
Level 1
Posts: 2
Joined: Tue Dec 06, 2022 11:49 am

Certificates in Firefox not detected by VMWare Horizon Client

Post by minttasticy »

Hello everyone,
I've been asked to use VMware Horizon Client for work, I work on a gov network, I've downloaded the usual DOD root certificates and did an import under "Authorities certificates" in Firefox. Vmware Horizon Client when i attempt to connect to the server, immediatly tells me an error of "Access Denied. No valid certificates provided" which makes me think I'm not giving the correct cert to the server. Weird part is, I can connect using my cac card to other military websites that require a cac card and a pin.

Does anyone know if certificates hosted on a server if they must be loaded in a certain order? I've gone into each certificate and approved the trust with "edit Trust".

My CAC card is detected by my reader and the pcsc_scan command
I've loaded all 7 dod certificates into firefox certificate authorities, edited each to trust CA identify website and trust identify email users
I've inported the location of the /usr/lib for opensc-pkcs11.so in Security devices in Firefox. Stumped why VMware Horizon doesnt see my certs

Here is the error.
vmwarehorizonerror.gif

These are the exact steps I took.. I'm able to get on most government websites to include office.com using a government issued cac.
1. Sudo apt install libpcsclite1 pcscd pcsc-tools
2. Sudo apt install opensc
3. Sudo systemctl start pcscd
4. Sudo systemctl enable pcscd
5. Install Coolkey
6. CAC Card reader model SCR3310 works
7. Pcsc_scan (The scan detects the cac reader device and detects the card insertion)
8. Ctrl+z to exit
9. Download certificates from https://dl.dod.cyber.mil/wp-content/upl ... -6_dod.zip
10. Extract zip to its own folder
11. Firefox, settings, Cert, Certificates, Authorities, Click Import
12. Click Certificate in extracted folder, Click Open, Click Ok to acknowledge CA,
13. Check On - Trust this CA to identify websites
14. Check on - Trust this CA to identify email users
15. Click Ok for Certificate Manager window
16. Repeat process for all certs (7 Certificates)
17.Sudo Find /usr/lib -name opensc-pkcs11.so (Shows location of pkcs11/opensc-pkcs11.so and opensc-pkcs11.so)
Shows /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so
Shows /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
18. Copy line b.
19. Go back to Firefox > Settings >Security devices > Load > paste in line b ( /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so )
20. Press Ok. Should show New PKCS#11 Module in the “Module Name” box.
21. Press Ok to leave “Security Devices”
22. Restart computer
23. Test CAC card
Last edited by LockBot on Tue Jun 06, 2023 10:00 pm, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Top
Locked

Return to “Software & Applications”