To enable smart card authentication, you must modify Connection Server configuration properties on your Connection Server or security server host.

Prerequisites

Add the CA (certificate authority) certificates for all trusted user certificates to a server truststore file. These certificates include root certificates and can include intermediate certificates if the user's smart card certificate was issued by an intermediate certificate authority.

Procedure

  1. Create or edit the locked.properties file in the TLS/SSL gateway configuration folder on the Connection Server or security server host.
    For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties
  2. Add the trustKeyfile, trustStoretype, and useCertAuth properties to the locked.properties file.
    1. Set trustKeyfile to the name of your truststore file.
    2. Set trustStoretype to jks.
    3. Set useCertAuth to true to enable certificate authentication.
  3. Restart the Connection Server service or security server service to make your changes take effect.

Example: locked.properties File

The file shown specifies that the root certificate for all trusted users is located in the file lonqa.key, sets the trust store type to jks, and enables certificate authentication.

trustKeyfile=lonqa.key
trustStoretype=jks
useCertAuth=true

What to do next

If you configured smart card authentication for a Connection Server instance, configure smart card authentication settings in Horizon Administrator. You do not need to configure smart card authentication settings for a security server. Settings that are configured on a Horizon Connection Server instance are also applied to a paired security server.