If you do not configure the self-signed certificate into the source virtual machine being prepared, you should import the certificate on each end-user host for Horizon FLEX virtual machines to function correctly.

If the list of certificates is empty in the policy file, Workstation Player and Fusion Pro will fall back to authenticating against the host's list of trusted certificates.

If you include the self-signed certificate of a source virtual machine on the Horizon FLEX Policy Server, and you configure or install the self-signed certificate for the Horizon FLEX Client (either in the source virtual machine's policy file or in the host's list of trusted certificates), you do not need to install the certificate on end-user hosts when certificate updates are required, for example, when a certificate expires.

For information about configuring certificates into a source virtual machine, see Create a Source Virtual Machine in Fusion Pro or Create a Source Virtual Machine in Workstation Pro (Not included in Horizon FLEX).

For information about creating a trusted certificates list and importing it to the Horizon FLEX Policy Server, see Creating a Trusted Certificates List in a Source Virtual Machine.

For information about updating certificates, see Updating Trusted Certificates on the Horizon FLEX Server.