To enable smart card authentication, you must modify Connection Server configuration properties on your Connection Server.

Prerequisites

Add the CA (certificate authority) certificates for all trusted user certificates to a server truststore file. These certificates include root certificates and can include intermediate certificates if the user's smart card certificate was issued by an intermediate certificate authority.

Procedure

  1. Create or edit the locked.properties file in the TLS/SSL gateway configuration folder on the Connection Server host.
    For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties
  2. Add the trustKeyfile, trustStoretype, and useCertAuth properties to the locked.properties file.
    1. Set trustKeyfile to the name of your truststore file.
    2. Set trustStoretype to jks.
    3. Set useCertAuth to true to enable certificate authentication.
  3. Restart the Connection Server service to make your changes take effect.

locked.properties File

The file shown specifies that the root certificate for all trusted users is located in the file lonqa.key, sets the trust store type to jks, and enables certificate authentication.

trustKeyfile=lonqa.key
trustStoretype=jks
useCertAuth=true

What to do next

If you configured smart card authentication for a Connection Server instance, configure smart card authentication settings in Horizon Console.