Administrators can configure the certificate verification mode so that, for example, full verification is always performed.
Certificate checking occurs for SSL connections between Connection Server and Horizon Client. Administrators can configure the verification mode to use one of the following strategies:
- End users are allowed to choose the verification mode. The rest of this list describes the three verification modes.
- (No verification) No certificate checks are performed.
- (Warn) End users are warned if a self-signed certificate is being presented by the server. Users can choose whether or not to allow this type of connection.
- (Full security) Full verification is performed and connections that do not pass full verification are rejected.
For details about the types of verification checks performed, see Certificate Checking Modes for Horizon Client.
Use the view.sslVerificationMode property to set the default verification mode:
- 1 implements Full Verification.
- 2 implements Warn If the Connection May Be Insecure.
- 3 implements No Verification Performed.
To configure the mode so that end users cannot change the mode, set the view.allowSslVerificationMode property to "False" in the /etc/vmware/view-mandatory-config file on the client system. See Horizon Client Configuration Settings and Command-Line Options.