You must download the CA-signed TLS certificate that is installed on the intermediate server so that it can be imported into the external-facing Horizon 7 servers.


  1. Connect to the intermediate server and find the TLS certificates that are presented to clients sending HTTPS requests.
  2. Find and download the TLS certificate that is used for Horizon 7.

Example: Download an TLS Certificate from an F5 BIG-IP LTM System

This example uses F5 BIG-IP Local Traffic Manager (LTM) as an intermediate server. The example is intended to give you a general idea of how you might download a certificate from your own intermediate server.

Important: These steps are specific to F5 BIG-IP LTM and may not apply to new releases or other F5 products. The steps do not apply to other vendors' intermediate servers.

Before you start, verify that the F5 BIG-IP LTM system is deployed with Horizon 7. Check that you completed the tasks in the F5 deployment guide, Deploying the BIG-IP LTM System with VMware View, located at

  1. Connect to the F5 BIG-IP LTM configuration utility.
  2. On the Main tab of the navigation pane, expand Local Traffic and click SSL certificates.

    The utility displays a list of certificates that are installed on the system.

  3. In the Name column, click the name of the certificate that is used for Horizon 7.
  4. At the bottom of the screen, click Export.

    The utility displays the existing TLS certificate in the Certificate Text box.

  5. From the Certificate File setting, click Download file_name.

    The TLS certificate is downloaded as a CRT file.