When you receive updated server TLS certificates or intermediate certificates, you import the certificates into the Windows local computer certificate store on each Connection Server, security server, or View Composer host.
Typically, server certificates expire after 12 months. Root and intermediate certificates expire after 5 or 10 years.
For detailed information about importing server and intermediate certificates, see "Configure Horizon Connection Server, Security Server, or View Composer to Use a New TLS Certificate" in the Horizon 7 Installation document.
Obtain updated server and intermediate certificates from the CA before the currently valid certificates expire.
Verify that the Certificate snap-in was added to MMC on the Windows Server on which the Connection Server instance, security server, or VMware Horizon View Composer service was installed.
- Import the signed TLS server certificate into the Windows local computer certificate store on the Windows Server host.
- In the Certificate snap-in, import the server certificate into the folder.
- Select Mark this key as exportable.
- Click Next and click Finish.
- For Connection Server or security server, delete the certificate Friendly name, vdm, from the old certificate that was issued to the Horizon 7 server.
- Right-click the old certificate and click Properties
- On the General tab, delete the Friendly name text, vdm.
- For Connection Server or security server, add the certificate Friendly name, vdm, to the new certificate that is replacing the previous certificate.
- Right-click the new certificate and click Properties
- On the General tab, in the Friendly name field, type vdm.
- Click Apply and click OK.
- For a server certificate that is issued to View Composer, run the SviConfig ReplaceCertificate utility to bind the new certificate to the port used by View Composer.
This utility replaces the old certificate binding with the new certificate binding.
- Stop the VMware Horizon View Composer service.
- Open a Windows command prompt and navigate to the SviConfig executable file.
The file is located with the View Composer application. The default path is C:\Program Files (x86)\VMware\VMware View Composer\sviconfig.exe.
- Type the SviConfig ReplaceCertificate command. For example:
sviconfig -operation=ReplaceCertificate -delete=false
The utility displays a numbered list of TLS certificates that are available in the Windows local computer certificate store.
- To select a certificate, type the number of the certificate and press Enter.
- If intermediate certificates are issued to a Connection Server, security server, or View Composer host, import the most recent update to the intermediate certificates into the folder in the Windows certificate store.
- Restart the VMware Horizon View Connection Server service, VMware Horizon View Security Server service, or VMware Horizon View Composer service to make your changes take effect.