To obtain a signed certificate from a Windows Domain or Enterprise CA, you can use the Windows Certificate Enrollment wizard in the Windows Certificate Store.
This method of requesting a certificate is appropriate if communications between computers remain within your internal domain. For example, obtaining a signed certificate from a Windows Domain CA might be appropriate for server-to-server communications.
If your clients connect to Horizon 7 servers from an external network, request TLS server certificates that are signed by a trusted, third-party CA.
Prerequisites
- Determine the fully qualified domain name (FQDN) that client devices use to connect to the host.
To comply with VMware security recommendations, use the FQDN, not a simple server name or IP address, even for communications within your internal domain.
- Verify that the Certificate snap-in was added to MMC. See Add the Certificate Snap-In to MMC.
- Verify that you have the appropriate credentials to request a certificate that can be issued to a computer or service.
Procedure
- In the MMC window on the Windows Server host, expand the Certificates (local computer) node and select the Personal folder.
- From the Action menu, go to to display the Certificate Enrollment wizard.
- Select a Certificate Enrollment Policy.
- Select the types of certificates that you want to request, select the Make private key exportable option, and click Enroll.
- Click Finish.
Results
The new signed certificate is added to the
folder in the Windows Certificate Store.What to do next
- Verify that the server certificate and certificate chain were imported into the Windows Certificate Store.
- For a Connection Server instance or security server, modify the certificate friendly name to vdm. See Modify the Certificate Friendly Name.
- For a View Composer server, bind the new certificate to the port that used by View Composer. See TLS.