For JMP Server to validate the Horizon 7 Connection Server to which Horizon Console is connected, you must configure JMP Server to use the Horizon 7 Connection Server certificate.

You must export the Horizon 7 Connection Server certificate into a certificate file named horizon.cert.pem file and place this file in the JMP Server home folder.

Important:

The contents of each of the exported CA-signed certificates must be appended into the same horizon.cert.pem file.

Use these same procedures when adding a CA-signed or self-signed Horizon 7 Connection Server certificate.

Prerequisites

  • JMP Server must be installed.

  • You must have administrative access to Horizon 7 Connection Server.

Procedure

  1. Log in to the Windows Server host for the Horizon 7 Connection Server that interfaces with the Horizon Console and the JMP Server you installed.
  2. Right-click the Windows Start icon, select Run, and type mmc.exe.

    The MMC utility window appears.

  3. Add the Certificates snap-in.
    1. In the Console Root window, select File > Add/Remove Snap-in.
    2. In the Add or Remove Snap-ins window, select Certificates from the Available snap-ins pane, and click Add.
    3. After the certificates have been added, click OK.
    4. In the Certificates snap-in window, select Computer account and click Next.
    5. In the Select Computer window, select Local computer and click Finish.

      The Certificates (Local Computer) snap-in is added in the Selected snap-ins pane.

    6. Click OK to close the Add or Remove Snap-ins dialog box.
  4. Back in the Console Root window, select Console Root > Certificates (Local Computer) and select the Personal > Certificates folder on the left pane to display its contents.
  5. Export the Horizon Connection Server certificate.
    1. In the certificates content pane, locate the certificate with a Friendly Name of vdm.

      This certificate belongs to the Horizon Connection Server.

    2. Right-click the certificate and select All Tasks > Export.
    3. In the Certificate Export Wizard dialog box, click Next.
    4. Select No, do not export the private key, and click Next.
    5. Select the Base-64 encode X.509 (.CER) format and click Next.
    6. Enter the filename as horizon.cert.pem and click Browse to navigate to the folder where you want to save the exported certificate.
      Important:

      You must save the exported certificate file with the .pem file extension, and not with the .cer or .crt file extensions. If necessary, open the exported certificate file in a text editor and save it as horizon.cert.pem.

    7. Click Next and click Finish to close the Certificate Export Wizard window.

    The certificate is exported successfully.

  6. Navigate to where you saved the exported horizon.cert.pem certificate and copy it to the JMP Server home folder.

    For example: C:\Program Files (x86)\VMware\JMP\com\horizon.cert.pem.

Results

With the Connection Server certificate configured for JMP Server, the Connection Server is recognized as a trusted server and Horizon Console users can successfully use the JMP Integrated Workflow features.

What to do next

Review the optional tasks listed in Overview of Tasks for Setting Up TLS Certificates for JMP Server and determine if you must also complete them. If you have finished all the necessary configuration tasks, restart the JMP Server services and configure the JMP settings. See "Configure JMP Settings for the First Time" in VMware Horizon Console Administration for more information.