Horizon DaaS allows you to upload custom SSL certificates for each tenant.
To enable a custom certificate, you upload three certificate files in Apache format: SSL Certificate, SSL Key, and CA Certificate. The tenant might provide you with all three files. Or, to ensure the files are generated properly, you can generate the public and private keys yourself, forward these keys to the tenant, and then the tenant can request the signed certificate from the signing authority.
To upload the three certificate files, you navigate to the Certificates tab under tenants (this is a different Certificates tab than the one used for service providers).
- In the Service Center, select tenants > browse tenants.
- On the Tenants screen, click Edit for the tenant.
- Click the Certificates tab.
- On the Certificates tab browse for and select the following three files:
CA Certificate - The public certificate from a certificate authority that was used to sign the tenant certificate. This file will have a .pem or .crt extension.
SSL Certificate - The tenant’s public certificate, which was signed by the CA. This file has a .crt extension, which indicates that it is a certificate file.
SSL Key - The private key used to decrypt the tenant’s SSL certificate. This is needed in order to be able to respond to certificate requests. This file has a .key file extension.
- Click Submit to upload the files.
You can upload the files before or after installing appliances:
Before - The certificate is automatically installed on all the tenant appliances when you click the Submit button.
After - Click the link on the Certificates tab to install the certificate on the tenant appliances.
If the IP address or URL for the tenant's desktop portal does not resolve to the tenants CN in their certificate, the tenant administrator may wish to include in their certificate a Subject Alternative Name so that the desktop portal's URL accessed by web clients can be matched to the uploaded tenant certificate. For more details on how to add a Subject Alternative Name to the certificate, contact the certificate authority.
To back up, copy the files to /usr/local/desktone/cert/temp on the primary Tenant appliance so they are backed up by the automated backup process.