Thin Client Certificate issues

Now is not the time

After upgrading some of our expiring SSL Certificates on the Horizon View Brokers, we started to receive invalid and untrusted connections on some of our Teradici PCoIP Zero Clients.  The new certificate was working fine on Windows Fat clients but on some of the older Zero clients, there were trust issues.

Importing the new certificate chains into the devices’ certificate store did not help any but after some intense googling, we did find some promising articles that mentioned how the Time on a local thin client can affect the trust with the certificate authorities.  This new certificate installed on the Horizon Broker was super new so we basically had to enable NTP on the local Zero clients to resolve the issue.  The Guest OS doesn’t really care about the local time but the certificate trust process very much does.  Once we enabled the NTP on the Zero client firmware, the issues went away.

We found this article on the Teridici site which seems to have confirmed our issue.

If the certificate was renewed and signed by the same servers the PCoIP Zero Client will have all the required certificates in the certificate store. The main change in the certificate will be the valid from date. The PCoIP Zero Client’s time maybe incorrect or the certificate may have been issued in a different time zone that is in the future.

For the Teradici devices specifically, upgrading the firmware past 4.5.x would also correct this issue.

Happy Wednesday!