When you install Linux Agent, the installer generates a self-signed certificate for VMwareBlastServer.

  • When the Blast Security Gateway is disabled on the broker, VMwareBlastServer presents this certificate to the browser that uses HTML Access to connect to the Linux Desktop.
  • When the Blast Security Gateway is enabled on the broker, Blast Security Gateway's certificate presents the certificate to the browser.

To comply with industry or security regulations, you can replace the self-signed certificate with a certificate that is signed by a Certificate Authority (CA).


  1. Install the private key and the certificate to VMwareBlastServer.
    1. Rename the private key to rui.key and the certificate to rui.crt .
    2. Run sudo chmod 550 /etc/vmware/ssl.
    3. Copy the rui.crt and rui.key to /etc/vmware/ssl.
    4. Run chmod 440 /etc/vmware/ssl.
  2. Install the root and intermediate Certificate Authority into the Linux OS Certificate Authority store.
    Note: Check your Linux distribution documentation for the Linux system settings change.