You can configure the certificate checking mode for end users. For example, you can configure that full verification is always performed. Certificate checking occurs for TLS connections between a server and Horizon Client.

You can configure one of the following certificate verification strategies for end users.

  • End users are allowed to select the certificate checking mode in Horizon Client.

  • (No verification) No certificate checks are performed.

  • (Warn) If the server presents a self-signed certificate, end users are warned. Users can determine whether to allow this type of connection.

  • (Full security) Full verification is performed and connections that do not pass full verification are rejected.

For information about the types of certificate checks that can be performed, see Setting the Certificate Checking Mode in Horizon Client.

To configure the certificate checking mode so that end users cannot change it, set the Security Mode key in the /Library/Preferences/com.vmware.horizon.plist file on the Mac client to one of the following values.

  • 1 implements Never connect to untrusted servers.

  • 2 implements Warn before connecting to untrusted servers.

  • 3 implements Do not verify server identity certificates.