You can set up trusted CA-Signed TLS server certificate to ensure that traffic between clients and desktops is not fraudulent.


  • Replace the default self-signed TLS server certificate with a trusted CA-signed TLS server certificate. See TLS. This creates a certificate that has the Friendly Name value vdm.

  • If the client's static content is served by the desktop, set up static content delivery. See Set Up Static Content Delivery.

  • Familiarize yourself with the Windows Certificate Store. See "Configure Connection Server, Security Server, or View Composer to Use a New TLS Certificate" in the Horizon 7 Installation document.


  1. In the Windows Certificate Store, navigate to Personal > Certificates.
  2. Double-click the certificate with Friendly Name vdm.
  3. Click on the Details tab.
  4. Copy the Thumbprint value.
  5. Start the Windows Registry Editor.
  6. Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config.
  7. Add a new String (REG_SZ) value, SSLHash, to this registry key.
  8. Set the SSLHash value to the Thumbprint value.