After you import a server certificate into the Windows local computer certificate store, you must take additional steps to allow a Horizon 7 server to use the certificate.
- Verify that the server certificate was imported successfully.
- Change the certificate Friendly name to vdm.
vdm must be lower case. Any other certificates with the Friendly name vdm must be renamed, or you must remove the Friendly name from those certificates.
You do not have to modify the Friendly name of certificates that are used by View Composer.
- Install the root CA certificate and intermediate CA certificate in the Windows certificate store.
- Restart the Connection Server service, security server service, or View Composer service to allow the service to start using the new certificates.
- If you use HTML Access, restart the VMware View Blast Secure Gateway service.
- If you are setting up a certificate on a View Composer server, you might have to take another step.
If you set up the new certificate after you install View Composer, you must run the SviConfig ReplaceCertificate utility to replace the certificate that is bound to the port used by View Composer.
If you set up the new certificate before you install View Composer, you do not have to run the SviConfig ReplaceCertificate utility. When you run the View Composer installer, you can select the new certificate that is signed by a CA instead of the default, self-signed certificate.
For more information, see "Bind a New TLS Certificate to the port Used by View Composer" in the Horizon 7 Installation document.
To perform the tasks in this procedure, see the following topics:
For more information, see "Configure Connection Server, Security Server, or View Composer to Use a New TLS Certificate" in the Horizon 7 Installation document.
The Horizon 7 Installation topic "Import a Signed Server Certificate into a Windows Certificate Store" is not listed here because you already imported the server certificate by using the certreq utility. You should not use the Certificate Import wizard in the MMC Snap-in to import the server certificate again.
However, you can use the Certificate Import wizard to import the root CA certificate and intermediate CA certificate into the Windows certificate store.