Administrators can configure the certificate verification mode so that, for example, full verification is always performed.

Certificate checking occurs for SSL connections between Connection Server and Horizon Client. Administrators can configure the verification mode to use one of the following strategies:

  • End users are allowed to choose the verification mode. The rest of this list describes the three verification modes.

  • (No verification) No certificate checks are performed.

  • (Warn) End users are warned if a self-signed certificate is being presented by the server. Users can choose whether or not to allow this type of connection.

  • (Full security) Full verification is performed and connections that do not pass full verification are rejected.

For details about the types of verification checks performed, see Setting the Certificate Checking Mode for Horizon Client.

Use the Client Configuration ADM template file (vdm_client.adm) to set the verification mode. All ADM and ADMX files that provide group policy settings are available in a .zip file named VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. You can download this GPO bundle from the VMware Horizon download site at http://www.vmware.com/go/downloadview. For information about using this template to control GPO settings, see Using the Group Policy Template to Configure VMware Horizon Client for Windows.

Note:

You can also use the Client Configuration ADM template file to restrict the use of certain cryptographic algorithms and protocols before establishing an encrypted SSL connection. For more information about this setting, see Security Settings for Client GPOs.

If you do not want to configure the certificate verification setting as a group policy, you can also enable certificate verification by adding the CertCheckMode value name to one of the following registry keys on the client computer:

  • For 32-bit Windows: HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Client\Security

  • For 64-bit Windows: HKLM\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client\Security

Use the following values in the registry key:

  • 0 implements Do not verify server identity certificates.

  • 1 implements Warn before connecting to untrusted servers.

  • 2 implements Never connect to untrusted servers.

If you configure both the group policy setting and the CertCheckMode setting in the registry key, the group policy setting takes precedence over the registry key value.
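To audit what the registry fallback is set to on a client, the following added example (not VMware code) reads CertCheckMode from the key listed above for the operating system's bitness and reports which mode it selects. The function name Get-HorizonCertCheckMode is hypothetical; because a group policy setting takes precedence, the result describes the effective mode only when no such policy is configured.

```powershell
# Added example: report the CertCheckMode registry value on this client.
# Key paths and value meanings are the ones listed on this page.
function Get-HorizonCertCheckMode {
    [CmdletBinding()]
    param()

    # The page lists one key for 32-bit Windows and one for 64-bit Windows.
    if ([Environment]::Is64BitOperatingSystem) {
        $key = 'HKLM:\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client\Security'
    } else {
        $key = 'HKLM:\SOFTWARE\VMware, Inc.\VMware VDM\Client\Security'
    }

    $meaning = @{
        0 = 'Do not verify server identity certificates'
        1 = 'Warn before connecting to untrusted servers'
        2 = 'Never connect to untrusted servers'
    }

    # $raw stays $null when the key or the value name is absent.
    $raw = $null
    if (Test-Path -LiteralPath $key) {
        $item = Get-ItemProperty -LiteralPath $key -Name CertCheckMode -ErrorAction SilentlyContinue
        if ($item) { $raw = $item.CertCheckMode }
    }

    # Normalise to an integer so a string "2" and a numeric 2 are treated alike.
    $mode = $null
    if ($null -ne $raw) { $mode = $raw -as [int] }

    if ($null -eq $raw) {
        $status = 'CertCheckMode is not set in this key'
    } elseif ($null -ne $mode -and $meaning.ContainsKey($mode)) {
        $status = $meaning[$mode]
    } else {
        $status = "Unrecognized value: $raw"
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Key              = $key
        CertCheckMode    = $raw
        Meaning          = $status
        # True only for value 2, the mode that rejects untrusted servers.
        FullVerification = ($null -ne $raw -and $mode -eq 2)
    }
}

Get-HorizonCertCheckMode
```

A client that reports FullVerification as False with no value set is relying entirely on the group policy setting or on the end user's choice.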

Note:

In a future release, configuring this setting using the Windows registry might not be supported. A GPO setting must be used.