Upload SSL certificates to ensure that clients making direct connections to the node can have trusted connections.

About this task

When Unified Access Gateway is deployed for your environment, the connections go through Unified Access Gateway and use the certificate that you provided for the Unified Access Gateway configuration. You must upload an SSL certificate if:

  • Your end users will connect to their desktops and applications by connecting directly to the node, such as using a VPN, and not through Unified Access Gateway.

  • You plan to use VMware Identity Manager™, either with or without True SSO, even if you have Unified Access Gateway.


For a node in the Microsoft Azure cloud, if the node was deployed with the Internet access toggle set to Yes (the default), Unified Access Gateway is already deployed for that node. User connections to the desktops and applications in that node go through Unified Access Gateway.


During this procedure, the environment is temporarily unavailable and you cannot perform administrator operations. Upload the certificates after confirming that no users are on the system and no running tasks exist, such as importing base images, publishing images, provisioning farms or desktops, assigning desktops, and so on.

You must upload the CA.crt and SSL.crt files, and the .key private key.

The CA certificate and the SSL certificate must be in PEM format, which is a BASE64-encoded DER representation of an X.509 certificate. They both have a .crt extension, and look like this:


The private key must not have a password or passphrase associated with it. The .key file looks like this:




  1. Select Settings > Capacity.
  2. Open the node's summary page by expanding the node's row and clicking its name.
  3. Click More > Upload Certificate.
  4. For each of the certificate files listed in the Upload Certificate dialog box, click Select and navigate to the appropriate file.
  5. When all of the certificate files are selected, click Save.

    The console will be unresponsive for 5 to10 minutes for all administrators while the certificates are applied.

  6. When the system is responsive again, refresh the browser page and use your credentials to reauthenticate.
  7. Verify that the certificates are shown as valid on the node's summary page.