Administrators can configure the certificate verification mode so that, for example, full verification is always performed.
Certificate checking occurs for SSL connections between Connection Server and Horizon Client. Administrators can configure the verification mode to use one of the following strategies:
- End users are allowed to choose the verification mode. The rest of this list describes the three verification modes.
- (No verification) No certificate checks are performed.
- (Warn) End users are warned if a self-signed certificate is being presented by the server. Users can choose whether or not to allow this type of connection.
- (Full security) Full verification is performed and connections that do not pass full verification are rejected.
For details about the types of verification checks performed, see Setting the Certificate Checking Mode for Horizon Client.
You can set the verification mode so that end users cannot change it. Set the "Security Mode" key in the /Library/Preferences/com.vmware.horizon.plist file on Mac clients to one of the following values:
- 1 implements Never connect to untrusted servers.
- 2 implements Warn before connecting to untrusted servers.
- 3 implements Do not verify server identity certificates.