To allow the HTML Access Agent to use a CA-signed certificate that was imported into the Windows certificate store, you must configure the certificate thumbprint in a Windows registry key. You must take this step on each desktop on which you replace the default certificate with a CA-signed certificate.

Prerequisites

Verify that the CA-signed certificate is imported into the Windows certificate store. See Import a Certificate for the HTML Access Agent into the Windows Certificate Store.

Procedure

  1. In the MMC window on the View desktop where the HTML Access Agent is installed, navigate to the Certificates (Local Computer) > Personal > Certificates folder.
  2. Double-click the CA-signed certificate that you imported into the Windows certificate store.
  3. In the Certificates dialog box, click the Details tab, scroll down, and select the Thumbprint icon.
  4. Copy the selected thumbprint to a text file.

    For example: 31 2a 32 50 1a 0b 34 b1 65 46 13 a8 0a 5e f7 43 6e a9 2c 3e

    Note:

    When you copy the thumbprint, do not to include the leading space. If you inadvertently paste the leading space with the thumbprint into the registry key (in Step 7), the certificate might not be configured successfully. This problem can occur even though the leading space is not displayed in the registry value text box.

  5. Start the Windows Registry Editor on the desktop where the HTML Access Agent is installed.
  6. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config registry key.
  7. Modify the SslHash value and paste the certificate thumbprint into the text box.
  8. Restart the VMware Blast service to make your changes take effect.

    In the Windows guest operating system, the service for the HTML Access Agent is called VMware Blast.

Results

When a user connects to a desktop through HTML Access, the HTML Access Agent presents the CA-signed certificate to the user's browser.