A self-signed SSL server certificate cannot give Horizon Client sufficient protection against threats of tampering and eavesdropping. To protect your desktops from these threats, you must replace the generated self-signed certificate.

When View Agent Direct-Connection Plug-In starts for the first time after installation, it automatically generates a self-signed SSL server certificate and places it in the Windows Certificate Store. The SSL server certificate is presented to Horizon Client during the SSL protocol negotiation to provide information to the client about this desktop. This default self-signed SSL server certificate cannot give guarantees about this desktop, unless it is replaced by a certificate signed by a Certificate Authority (CA) that is trusted by the client and is fully validated by the Horizon Client certificate checks.

The procedure for storing this certificate in the Windows Certificate Store and the procedure for replacing it with a proper CA signed certificate, are the same as those used for View Connection Server (version 5.1 or later). See "Configuring SSL Certificates for View Servers," in the View Installation document for details on this certificate replacement procedure.

Certificates with Subject Alternative Name (SAN) and wildcard certificates are supported.

Note:

To distribute the CA signed SSL Server Certificates to a large number of desktops using the View Agent Direct-Connection Plug-In, use Active Directory Enrollment to distribute the certificates to each virtual machine. For more information see: http://technet.microsoft.com/en-us/library/cc732625.aspx.