Configure Horizon Connection Server, Security Server, or View Composer to Use a New TLS Certificate

To configure a Connection Server instance, security server, or View Composer instance to use a TLS certificate, you must import the server certificate and the entire certificate chain into the Windows local computer certificate store on the Connection Server, security server, or View Composer host.

In a pod of replicated Connection Server instances, you must import the server certificate and certificate chain on all instances in the pod.

By default, the Blast Secure Gateway (BSG) uses the TLS certificate that is configured for the Connection Server instance or security server on which the BSG is running. If you replace the default, self-signed certificate for a View server with a CA-signed certificate, the BSG also uses the CA-signed certificate.

Important: To configure Connection Server or security server to use a certificate, you must change the certificate Friendly name to vdm. Also, the certificate must have an accompanying private key.

If you intend to replace an existing certificate or the default, self-signed certificate with a new certificate after you install View Composer, you must run the SviConfig ReplaceCertificate utility to bind the new certificate to the port used by View Composer.