To configure smart card authentication, you must obtain a root certificate and add it to a server truststore file, modify the Connection Server configuration properties, and configure smart card authentication settings. Depending on your particular environment, you might need to perform additional steps.
Obtain the Certificate Authority Certificates You must obtain all applicable CA (certificate authority) certificates for all trusted user certificates on the smart cards presented by your users and administrators. These certificates include root certificates and can include intermediate certificates if the user's smart card certificate was issued by an intermediate certificate authority.
Obtain the CA Certificate from Windows If you have a CA-signed user certificate or a smart card that contains one, and Windows trusts the root certificate, you can export the root certificate from Windows. If the issuer of the user certificate is an intermediate certificate authority, you can export that certificate.
Add the CA Certificate to a Server Truststore File You must add root certificates, intermediate certificates, or both to a server truststore file for all users and administrators that you trust. Connection Server instances and security servers use this information to authenticate smart card users and administrators.
Modify Horizon Connection Server Configuration Properties To enable smart card authentication, you must modify Connection Server configuration properties on your Connection Server or security server host.
Configure Smart Card Settings in Horizon Administrator You can use Horizon Administrator to specify settings to accommodate different smart card authentication scenarios.