If a Horizon 7 server certificate is signed by a CA that is not trusted by client computers and client computers that access Horizon Administrator, you can configure all Windows client systems in a domain to trust the root and intermediate certificates. To do so, you must add the public key for the root certificate to the Trusted Root Certification Authorities group policy in Active Directory and add the root certificate to the Enterprise NTAuth store.
For example, you might have to take these steps if your organization uses an internal certificate service.
You do not have to take these steps if the Windows domain controller acts as the root CA, or if your certificates are signed by a well known CA. For well known CAs, the operating system venders preinstall the root certificate on client systems.
If your server certificates are signed by a little-known intermediate CA, you must add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory.
For client devices that use other operating systems than Windows, see the following instructions for distributing root and intermediate certificates that users can install:
- For Horizon Client for Mac, see Configure Horizon Client for Mac to Trust Root and Intermediate Certificates.
- For Horizon Client for iOS, see Configure Horizon Client for iOS to Trust Root and Intermediate Certificates.
- For Horizon Client for Android, see documentation on the Google Web site, such as the Android 3.0 User's Guide
- For Horizon Client for Linux, see the Ubuntu documentation
Prerequisites
Verify that the server certificate was generated with a KeyLength value of 1024 or larger. Client endpoints will not validate a certificate on a server that was generated with a KeyLength under 1024, and the clients will fail to connect to the server.
Procedure
Results
All systems in the domain now have certificate information in their trusted root certificate stores and intermediate certificate stores that allows them to trust the root and intermediate certificates.