You must add root certificates, intermediate certificates, or both to a server truststore file for all users and administrators that you trust. Connection Server instances and security servers use this information to authenticate smart card users and administrators.


  • Obtain the root or intermediate certificates that were used to sign the certificates on the smart cards presented by your users or administrators. See Obtain the Certificate Authority Certificates and Obtain the CA Certificate from Windows.
    Important: These certificates can include intermediate certificates if the user's smart card certificate was issued by an intermediate certificate authority.
  • Verify that the keytool utility is added to the system path on your Connection Server host. See the Horizon 7 Installation document for more information.


  1. On your Connection Server or security server host, use the keytool utility to import the root certificate, intermediate certificate, or both into the server truststore file.
    For example: keytool -import -alias alias -file root_certificate -keystore truststorefile.key -storetype JKS
    In this command, alias is a unique case-sensitive name for a new entry in the truststore file, root_certificate is the root or intermediate certificate that you obtained or exported, and truststorefile.key is the name of the truststore file that you are adding the root certificate to. If the file does not exist, it is created in the current directory.
    Note: The keytool utility might prompt you to create a password for the truststore file. You will be asked to provide this password if you need to add additional certificates to the truststore file at a later time.
  2. Copy the truststore file to the SSL gateway configuration folder on the Connection Server or security server host.
    For example: install_directory\VMware\VMware View\Server\sslgateway\conf\truststorefile.key

What to do next

Modify Connection Server configuration properties to enable smart card authentication.