Use this workflow when your scenario is integrating the Workspace ONE Access Connector appliance with the pod. The primary use of this workflow is for that integration, so that the Workspace ONE Access connector will trust SSL connections to the pod manager VMs. That is how integration of these pods with Workspace ONE Access works. The Workspace ONE Access Connector talks to the pod manager VMs through the Microsoft Azure load balancer that is in front of those appliances. Even though there might be some rare, atypical scenarios in which some types of organizations would look to put an SSL certificate directly onto the pod manager VMs, those situations are uncommon and most organizations would not fall into those situations.

Important: If your deployment does not involve the Workspace ONE Access Connector integrating with your pods, and your end users are pointing their clients and browsers to the FQDN that is for the pod's gateway configuration, these steps do not apply to that scenario. For that scenario, there is an entirely different set of steps to follow for working with the SSL certificate that is in place on the gateway configurations of the pod. Performing the steps below will not change the SSL certificate that is on the gateway configurations. If your use case involves replacing the SSL certificate that is configured on one or more of the pod's gateway configurations, see instead Replace a Gateway's SSL Certificate with a New One, Such as For a New Expiration Date or to Use a Different FQDN, For a Horizon Cloud Pod in Microsoft Azure. You can examine the FQDN information displayed in the pod details page's gateway-related sections to check if you told your end users to point their clients or browsers to a gateway-related FQDN.

To learn about scenarios where the pod manager VMs get configured with SSL certificates, read about pod manager VMs and the special scenarios where they need SSL certificates. The primary use case is when you are integrating your pod with the Workspace ONE Access connector so that end users can access their pod-provisioned resources using Workspace ONE Access. To read about that integration workflow at Integrate a Horizon Cloud Pod in Microsoft Azure with Workspace ONE Access.

Note: When you click Save in the steps below, Horizon Cloud will use those certificate files to configure the certificate on those VMs. This activity takes less than a minute.

The steps below are performed in the Horizon Cloud Administration Console.


Before you start this workflow, verify that you have the required items described in Prerequisites for Running the Horizon Cloud Administration Console's Upload Certificate Workflow to Configure SSL Certificates on the Horizon Cloud Pod's Manager VMs. Especially ensure that you have three certificate files that the console's workflow requires and that they meet the criteria described on that linked page.

Caution: Uploading and saving incorrect or improperly formed SSL certificate files to the pod can result in loss of access to the pod. To avoid inability to recover the pod, if you earlier notified VMware Support that you do not want the pod to participate in the backup and restore service that is provided by default for Horizon Cloud pods in Microsoft Azure, before you upload an SSL certificate to the pod, contact VMware Support to turn on the backup service for the pod to ensure a backup is available in case you lose access to the pod after uploading the certificate files. See Backup and Restore Service for Horizon Cloud Pods in Microsoft Azure for information about the default backup and restore service. If your pod manifest version is lower than 1101, contact VMware Support to update your pod so that it can participate in the backup and restore service.


  1. Select Settings > Capacity.
  2. Open the pod's summary page by clicking the pod's name.
  3. Click More > Upload Certificate.
    The Upload Certificate window opens. The following screenshot is an example of the window.
    Screenshot that illustrates the Upload Certificate window with green arrows pointing to each location where a file gets added.

  4. For each of the certificate files listed in the Upload Certificate dialog box, click Select and navigate to where you have the file available to upload.
  5. When the window shows that all of the certificate files are listed in the window, click Save.
    The following screenshot is an illustration of the window with all certificate files listed before saving them to the system.
    Screenshot that illustrates the Upload Certificate window when all three files are selected before saving to the system.


Horizon Cloud uses the certificate files to configure pod's manager VMs with your SSL certificate. This activity takes several seconds. You can verify the status in the Pod Certificates section of the pod's details page.