If you use the certreq utility to generate a CSR, the utility also generates an associated private key. The utility stores the CSR and private key in the Windows local computer certificate store on the computer on which you generated the CSR. You can confirm that the CSR and private key are properly stored by using the Microsoft Management Console (MMC) Certificate snap-in.

The private key must later be joined with the signed certificate to enable the certificate to be properly imported and used by a Horizon 7 server.


  • Verify that you generated a CSR by using the certreq utility and requested a signed certificate from a CA. See Generate a CSR and Request a Signed Certificate from a CA.
  • Familiarize yourself with the procedure for adding a Certificate snap-in to the Microsoft Management Console (MMC). See "Add the Certificate Snap-in to MMC" in the chapter, "Configuring TLS Certificates for Horizon 7 Servers," in the Horizon 7 Installation document.


  1. On the Windows Server computer, add the Certificate snap-in to MMC.
  2. In the MMC window on the Windows Server computer, expand the Certificates (Local Computer) node and select the Certificate Enrollment Request folder.
  3. Expand the Certificate Enrollment Request folder and select the Certificates folder.
  4. Verify that the certificate entry is displayed in the Certificates folder.
    The Issued To and Issued By fields must show the domain name that you entered in the subject:CN field of the request.inf file that was used to generate the CSR.
  5. Verify that the certificate contains a private key by taking one of the following steps:
    • Verify that a yellow key appears on the certificate icon.
    • Double-click the certificate and verify that the following statement appears in the Certificate Information dialog box: You have a private key that corresponds to this certificate..

What to do next

Import the certificate into the Windows local computer certificate store.