To enable smart card authentication, you must modify Connection Server configuration properties on your Connection Server or security server host.
Add the CA (certificate authority) certificates for all trusted user certificates to a server truststore file. These certificates include root certificates and can include intermediate certificates if the user's smart card certificate was issued by an intermediate certificate authority.
- Create or edit the locked.properties file in the TLS/SSL gateway configuration folder on the Connection Server or security server host.
For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties
- Add the trustKeyfile, trustStoretype, and useCertAuth properties to the locked.properties file.
- Set trustKeyfile to the name of your truststore file.
- Set trustStoretype to jks.
- Set useCertAuth to true to enable certificate authentication.
- Restart the Connection Server service or security server service to make your changes take effect.
The file shown specifies that the root certificate for all trusted users is located in the file lonqa.key, sets the trust store type to jks, and enables certificate authentication.
trustKeyfile=lonqa.key trustStoretype=jks useCertAuth=true
What to do next
If you configured smart card authentication for a Connection Server instance, configure smart card authentication settings in Horizon Administrator. You do not need to configure smart card authentication settings for a security server. Settings that are configured on a Horizon Connection Server instance are also applied to a paired security server.