Horizon Client and Horizon Administrator communicate with a Horizon Connection Server host over secure HTTPS connections. Information about the server certificate on Connection Server is communicated to the client as part of the TLS handshake between client and server.

The initial Horizon Client connection, which is used for user authentication and remote desktop and application selection, is created when a user opens Horizon Client and provides a fully qualified domain name for the Connection Server, security server, or Unified Access Gateway host. The Horizon Administrator connection is created when an administrator types the Horizon Administrator URL into a Web browser.

A default TLS server certificate is generated during Connection Server installation. By default, TLS clients are presented with this certificate when they visit a secure page such as Horizon Administrator.

You can use the default certificate for testing, but you should replace it with your own certificate as soon as possible. The default certificate is not signed by a commercial Certificate Authority (CA). Use of non-certified certificates can allow untrusted parties to intercept traffic by masquerading as your server.