Server certificate checking occurs for connections between Horizon Client and a server. A certificate is a digital form of identification, similar to a passport or a driver's license.
Your system administrator might ask you to set the certificate checking mode in Horizon Client to make sure that you can successfully connect to a server. At some companies, an administrator might set the certificate checking mode and prevent you from changing it in Horizon Client.
If a Horizon administrator has allowed it, you can set the certificate checking mode. To set the certificate checking mode, start Horizon Client and select from the menu bar. You can select one of the following options.
- Never connect to untrusted servers. This setting means that you cannot connect to the server if any of the certificate checks fail. An error message lists the checks that failed.
- Warn before connecting to untrusted servers. This setting means that you can click Continue to ignore the warning if a certificate check fails because the server uses a self-signed certificate. For self-signed certificates, the certificate name is not required to match the server name that you entered in Horizon Client. You can also receive a warning if the certificate has expired.
- Do not verify server identity certificates. This setting means that no certificate checking occurs.
Using an SSL Proxy Server
If you use an SSL proxy server to inspect traffic sent from the client environment to the Internet, enable the Allow connection via an SSL Proxy setting. This setting allows certificate checking for secondary connections through an SSL proxy server and applies to both Blast Secure Gateway and secure tunnel connections. If you use an SSL proxy server and enable certificate checking, but you do not enable the Allow connection via an SSL Proxy setting, connections fail because of mismatched thumbprints. The Allow connection via an SSL Proxy setting is not available if you enable the Do not verify server identity certificates option. When the Do not verify server identity certificates option is enabled, Horizon Client does not verify the certificate or thumbprint and an SSL proxy is always allowed.
To allow VMware Blast connections through a proxy server, see "Configure VMware Blast Options" in the VMware Horizon Client for Linux Installation and Setup Guide document.
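The thumbprint mismatch described above can be seen in a simplified model. This is an added example, not Horizon Client code: the function and parameter names, the constructed certificate bytes, and the assumption that an allowed proxy certificate still goes through ordinary certificate checking are illustrative only.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SERVER_CERT = b"constructed-der:CN=gateway.example.test"
PROXY_CERT = b"constructed-der:CN=gateway.example.test;issuer=inspection-proxy"

# The three certificate checking modes from the list above (labels are hypothetical).
NEVER_CONNECT, WARN, DO_NOT_VERIFY = "never", "warn", "none"


def thumbprint(der: bytes) -> str:
    """SHA-256 thumbprint of the certificate bytes, hex-encoded."""
    return hashlib.sha256(der).hexdigest()


def secondary_connection(mode, allow_ssl_proxy, expected_thumbprint,
                         presented_cert, passes_cert_checks):
    """Model the outcome of a Blast Secure Gateway or secure tunnel connection.

    expected_thumbprint: thumbprint the client expects for this connection
        (how the client learns it is outside this model).
    passes_cert_checks: assumed result of ordinary certificate checking on
        the certificate that was actually presented.
    """
    if mode == DO_NOT_VERIFY:
        # No certificate or thumbprint verification; a proxy is always allowed.
        return "connect (unverified)"
    # NEVER_CONNECT and WARN both count as "certificate checking enabled" here.
    if thumbprint(presented_cert) == expected_thumbprint:
        return "connect"
    if not allow_ssl_proxy:
        # An inspecting proxy presents its own certificate, so the hash differs.
        return "fail: mismatched thumbprint"
    if passes_cert_checks:
        return "connect (via proxy)"
    return "fail: certificate check"


if __name__ == "__main__":
    expected = thumbprint(SERVER_CERT)
    for allow in (False, True):
        result = secondary_connection(NEVER_CONNECT, allow, expected, PROXY_CERT, True)
        print(f"allow_ssl_proxy={allow}: {result}")
```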