For JMP Server to validate the Active Directory with which Horizon Console is connected, you must configure JMP Server to use the certificate for that Active Directory server.

You must export the root CA certificate of the Active Directory domain into a certificate file named adCA.pem file and place this file in the JMP Server XMS configuration folder.


  • JMP Server must be installed.

  • Active Directory must be configured for LDAP over SSL (LDAPS) or StartTLS (LDAP over TLS).

  • Root CA certificates of the Active Directory domains. If the certificates are not in PEM (Base64 encoded) format, see the OpenSSL documentation (or a similar document) to convert the file to a PEM format.


    When you have multiple root certificates from different domains, you can combine all the PEM formatted certificates into a single file by copying the contents of each file one by one to a single .pem file.


  1. Ensure that name of the PEM formatted certificate file is adCA.pem.
  2. Copy the adCA.pem file to the JMP Server XMS configuration folder.

    For example: C:\Program Files (x86)\VMware\JMP\com\XMS\config\adCA.pem.


With the Active Directory certificate configured for your JMP Server instance, the Active Directory is recognized as a trusted server and Horizon Console users can successfully use the JMP Integrated Workflow features.

What to do next

Configure JMP Server with the Connection Server certificate so that JMP Server instance can authenticate Connection Server when desktop administrators use the JMP Integrated Workflow features. See Configure JMP Server to Use the Horizon Connection Server Certificate.