To import an internal root CA certificate on a Mac host, you export the certificate from your Horizon FLEX server and import it to the Mac.

Prerequisites

  • Become familiar with how to install and use the MMC Certificates snap-in on a Windows system. For more information, go to the Windows TechNet Web site at http://technet.microsoft.com.

  • Become familiar with how to use Keychain Access on a Mac. For more information, go to the Apple Support Web site at http://support.apple.com.

  • Install Windows IIS.

Procedure

  1. Export the root CA certificate from your Horizon FLEX server.
    1. On the Horizon FLEX server, start MMC (mmc.exe), add the Certificates snap-in for a computer account, and manage certificates for the local computer.
    2. Select File > Add/Remove Snap-in.
    3. Click the Certificates snap-in and click Add.
    4. On the Certificates snap-in display, select Computer account and click Next.

      This setting is required by the Horizon FLEX server.

    5. Select Local Computer and click Finish and then OK.
    6. In the left navigation pane, expand Certificates (Local Computer).
    7. Right-click on Trusted Root Certification Authorities and select All Tasks > Import.

      The Certificate Import Wizard opens.

    8. Click Next.
    9. Browse for the root certificate file and click Next.
    10. Select Place all certificates in the following store: Trusted Root Certification Authorities and click Next, then click Finish.
    11. Navigate to Trusted Root Certification Authorities > Certificates.
    12. Select and export the root CA certificate.

      Export the certificate in DER-encoded binary X.509 (.CER) format.

  2. Copy the root CA certificate to the Mac.
  3. Import the root CA certificate on the Mac.
    1. Double-click the root CA certificate to open it in Keychain Access.

      The root CA certificate appears in login.

    2. Copy the root CA certificate to System.

      You must copy the certificate to System to ensure that it is trusted by all users and local system processes, including the virtual machine (.vmx) processes in Fusion.

    3. Open the root CA certificate, expand Trust, select Use System Defaults, and save your changes.
    4. Reopen the root CA certificate, expand Trust, select Always Trust, and save your changes.
    5. Delete the root CA certificate from login.