VMware strongly recommends that you configure TLS certificates for authentication of Connection Server instances.

A default TLS server certificate is generated when you install Connection Server instances. You can use the default certificate for testing purposes.

Certificates used for communication between Connection Servers and also between Horizon Agents and Connection Server instances, are replaced using an automatic mechanism, and cannot be replaced manually. For more details, see the Horizon Security document.

Important: Replace the default certificate as soon as possible. The default certificate is not signed by a Certificate Authority (CA). Use of certificates that are not signed by a CA can allow untrusted parties to intercept traffic by masquerading as your server.