Today, I’ll show you how to replate Horizon untrusted- invalid SSL certificate.
From VMware Horizon admin console, Dashboard page, right upper corner, there is a square informing about the “System Health”.
From here, we can idenfify problems in your infrastructure.
In my home lab, I have installed 2 connection servers, and 1 security server. Both connection servers are replica (resiliance), manily because my security server is paired to one connection server for external access (Internet) and the second connection server is used for internal purposes (VPN or LAN). Please be aware of, security server and connection servers are paired “one-to-one“.
From Connection Servers, we have a red squeare and it’s realted to the untrusted certificated.
To replace the untrusted – invalid certificate, a self-signed certificated can be created or request a new one using your internal root/intermediate certificate ahotority. Steps to request a new certificate.
- Go to http://yourCAserver.yourdomain/certsrv/ and click request a certtificate.
- Create and submit a request to this CA
- Next is to fill up the neccesary information
- And finally click submit and save your certificate.
Now we have a valid certificate, so it needs to be installed in the Horizon Connection Server. From this server:
- Open a new MMC console. (CMD –> MMC –> File –> Add snap-in –> Select Certificates –> Computer Account –> OK )
- Take a look at the certificates you have in your server, (1) and also check the “friendly name” (2). The certificate with “VDM” is the one we need to replace. So I suggest to rename the friendly name as VDM-old. So click on the existing certificate –> Right Click –> Properties –> Friendly name and click OK.
- Now the new certificate needs to be imported from MMC certificate console (the one we previsouly has been opened). Personal –> Certificates –> Import and select the new certificate
- The important step here is: the new certicate must have same friendly name. So the new friednly name should be “VDM”. After that, the “VMware Horizon View Connection Server” service must be restart. Once finish, the new certificate will work and the connection server will report as “trusted”