Use this workflow when your scenario is integrating the Workspace ONE Access Connector appliance with the pod in a Horizon Cloud environment using single-pod brokering. When your Horizon Cloud environment is configured for single-pod brokering and you want to integrate a pod in Microsoft Azure with Workspace ONE Access, you configure the Workspace ONE Access Connector appliance to point to the pod itself so that the appliance can synch the user entitlements from the pod. The primary use of this workflow is for that type of integration, so that the Workspace ONE Access connector will trust SSL connections to the pod manager VMs. Even though there might be some rare, atypical scenarios in which some types of organizations would look to put an SSL certificate directly onto the pod manager VMs, those situations are uncommon and most organizations would not fall into those situations.

Important: If your deployment does not involve the Workspace ONE Access Connector integrating with your pods, and your end users are pointing their clients and browsers to the FQDN that is for the pod's gateway configuration, these steps do not apply to that scenario. For that scenario, there is an entirely different set of steps to follow for working with the SSL certificate that is in place on the gateway configurations of the pod. Performing the steps below will not change the SSL certificate that is on the gateway configurations. If your use case involves replacing the SSL certificate that is configured on one or more of the pod's gateway configurations, see instead Replace a Gateway's SSL Certificate with a New One, Such as For a New Expiration Date or to Use a Different FQDN, For a Horizon Cloud Pod in Microsoft Azure. You can examine the FQDN information displayed in the pod details page's gateway-related sections to check if you told your end users to point their clients or browsers to a gateway-related FQDN.

When your environment is configured for what is called single-pod or per-pod brokering, the Workspace ONE Access Connector talks to the pod manager VMs through the Microsoft Azure load balancer that is in front of those appliances. To have that communication, the Workspace ONE Access connector must be able to trust SSL connections to the pod manager VMs. Putting your SSL certificate on those pod manager VMs enables that trusted communication.

To learn about scenarios where the pod manager VMs get configured with SSL certificates, read about pod manager VMs and the special scenarios where they need SSL certificates. The primary use case is when your environment is configured for single-pod brokering, and you are integrating your pod with the Workspace ONE Access Connector so that end users can access their pod-provisioned resources using Workspace ONE Access. To read about that integration workflow at A Horizon Cloud Environment with Single-Pod Brokering — Integrating the Environment's Horizon Cloud Pods in Microsoft Azure with Workspace ONE Access.

Note: When you click Save in the steps below, Horizon Cloud will use those certificate files to configure the certificate on those VMs. This activity takes less than a minute.

The steps below are performed in the Horizon Universal Console.

Prerequisites

Before you start this workflow, verify that you have the required items described in Prerequisites for Running the Horizon Universal Console's Upload Pod Certificate Workflow to Configure SSL Certificates on the Horizon Cloud Pod's Manager VMs. Especially ensure that you have three certificate files that the console's workflow requires and that they meet the criteria described on that linked page.

Attention: Use of SHA-1 hashing function for these certificates is unsupported.
Caution: Uploading and saving incorrect or improperly formed SSL certificate files to the pod can result in loss of access to the pod. If your pod manifest is lower than 3139.x, contact VMware Support for guidance before performing the steps. Because the service's default backup and restore requires a manifest of 3139.x or higher, it is important to contact VMware Support for assistance if your pod manifest is lower than 3139.x before running the Upload Pod Certificate workflow.

Procedure

  1. Select Settings > Capacity.
  2. Open the pod's summary page by clicking the pod's name.
  3. Click > Upload Pod Certificate.
    The Upload Pod Certificate window opens. The following screenshot is an example of the window.
    Screenshot that illustrates the Upload Pod Certificate window with green arrows pointing to each location where a file gets added.

  4. For each of the certificate files listed in the Upload Pod Certificate window, click Select and navigate to where you have the file available to upload.
  5. When the window shows that all of the certificate files are listed, click Save.
    The following screenshot is an illustration of the window with all certificate files listed before saving them to the system.
    Screenshot that illustrates the Upload Pod Certificate window when all three files are selected before saving to the system.

Results

Horizon Cloud uses the certificate files to configure pod's manager VMs with your SSL certificate. This activity takes several seconds. You can verify the status in the pod's summary page.
Screenshot that illustrates the Valid Certificate status that appears next to the CA Certificate and SSL Certificate labels in the UI.