VMware strongly recommends that you configure TLS certificates for authentication of Connection Server instances, security servers, and View Composer service instances.

A default TLS server certificate is generated when you install Connection Server instances, security servers, or View Composer instances. You can use the default certificate for testing purposes.

Certificates used for communication between Connection Servers and also between Horizon Agents and Connection Server instances, are replaced using an automatic mechanism, and cannot be replaced manually. For more details, see the Horizon 7 Security document.

Important: Replace the default certificate as soon as possible. The default certificate is not signed by a Certificate Authority (CA). Use of certificates that are not signed by a CA can allow untrusted parties to intercept traffic by masquerading as your server.