You can configure the certificate checking mode for end users. For example, you can configure that full verification is always performed. Certificate checking occurs for TLS connections between a server and Horizon Client.
You can configure one of the following certificate verification strategies for end users.
- End users are allowed to select the certificate checking mode in Horizon Client.
- (No verification) No certificate checks are performed.
- (Warn) If the server presents a self-signed certificate, end users are warned. Users can determine whether to allow this type of connection.
- (Full security) Full verification is performed and connections that do not pass full verification are rejected.
If you use an SSL proxy server to inspect traffic sent from the client environment to the Internet, you can configure certificate checking for secondary connections through the SSL proxy server. This feature applies to both Blast Secure Gateway and secure tunnel connections. You can also allow proxy server use for VMware Blast connections.
For information about the types of certificate checks that can be performed, see Setting the Certificate Checking Mode in Horizon Client.
You can configure the certificate checking mode and proxy server settings so that end users cannot change them by setting keys in the /Library/Preferences/com.vmware.horizon.plist file on the Mac client.
To configure the certificate checking mode, set the Security Mode key to one of the following values.
- 1 implements Never connect to untrusted servers.
- 2 implements Warn before connecting to untrusted servers.
- 3 implements Do not verify server identity certificates.
To allow connections through a SSL proxy server, set the SSL Proxy Mode key to one of the following values.
- 1 enables Allow connection via an SSL Proxy
- 0 disables Allow connection via an SSL Proxy
To allow VMware Blast connections through a proxy server, see Configuring VMware Blast Options for End Users.