You can create a self-signed certificate for the Horizon FLEX server by using OpenSSL.

Note: If the certificate is commercially issued by a trusted root certificate authority or intermediate certificate authority, this task is not required.


The OpenSSL configuration file is created on the Mirage Gateway Server. See the Mirage documentation at


  1. At the OpenSSL command prompt, create a certificate: $ openssl req -new -days expiration time -x509 -newkey rsa:2048 - keyout key filename -outcertificate filename -nodes
    expiration time represents the number of days that the certificate should be valid, key filename represents the filename for the key, and certificate filename represents the new certificate name.
    A self-signed certificate and a private key are generated. The certificate uses a 2048-bit RSA key and does not protect the key with a passphrase.
  2. When prompted, enter the country name, state name, locality, organization name, and organizational unit name.
  3. In the Common Name text box, enter the host name of the Horizon FLEX server to be protected.
    This text box must be completed.
  4. Enter the email address.
    The self-signed certificate and associated private key are generated.
  5. If the private key must be in .pfx format , enter the following command by using the certificate name and key filename generated in the previous steps: $ openSSL pkcs12 -export -outoutput pfx filename -inkey key filename -in certificate name
    A new password-protected .pfx file is generated that can be deployed on any device that requires .pfx certificates instead of PEM certificates.