You can create a self-signed certificate for the Horizon FLEX server by using OpenSSL.
About this task
If the certificate is commercially issued by a trusted root certificate authority or intermediate certificate authority, this task is not required.
The OpenSSL configuration file is created on the Mirage Gateway Server. See the Mirage documentation at https://www.vmware.com/support/pubs/mirage_pubs.html.
- At the OpenSSL command prompt, create a certificate: $ openssl req -new -days expiration time -x509 -newkey rsa:2048 - keyout key filename -outcertificate filename -nodes
expiration time represents the number of days that the certificate should be valid, key filename represents the filename for the key, and certificate filename represents the new certificate name.
A self-signed certificate and a private key are generated. The certificate uses a 2048-bit RSA key and does not protect the key with a passphrase.
- When prompted, enter the country name, state name, locality, organization name, and organizational unit name.
- In the Common Name text box, enter the host name of the Horizon FLEX server to be protected.
This text box must be completed.
- Enter the email address.
The self-signed certificate and associated private key are generated.
- If the private key must be in .pfx format , enter the following command by using the certificate name and key filename generated in the previous steps: $ openSSL pkcs12 -export -outoutput pfx filename -inkey key filename -in certificate name
A new password-protected .pfx file is generated that can be deployed on any device that requires .pfx certificates instead of PEM certificates.