If you use a Unified Access Gateway appliance instead of a Connection Server or security server, you must install a CA-signed certificate that has a Subject Alternative Name (SAN) configured.
If you use a CA-signed certificate that does not have a SAN configured, or a self-signed certificate, users receive a "Your connection is not private" error and cannot connect with Horizon Client for Chrome.
If you use a Connection Server instance or security server, users can still connect by clicking the Proceed to ip-address (unsafe) link.
For information about installing and configuring certificates for Horizon 7, see the Horizon 7 Installation document. For information about installing certificates in Chrome, see the Google Chrome documentation.