When you install Horizon Agent for Linux, the installer generates by default a self-signed certificate for VMwareBlastServer.

  • When the Blast Security Gateway is disabled on the Horizon Connection Server, VMwareBlastServer presents the self-signed certificate to the browser that uses HTML Access to connect to the Linux desktop.
  • When the Blast Security Gateway is enabled on the Horizon Connection Server, the Blast Security Gateway presents its certificate to the browser.

To comply with industry or security regulations, you can replace the self-signed certificate for VMwareBlastServer with a certificate that is signed by a Certificate Authority (CA).


  1. Install the private key and the certificate to VMwareBlastServer.
    1. Rename the private key to rui.key and the certificate to rui.crt .
    2. Run sudo chmod 550 /etc/vmware/ssl.
    3. Copy the rui.crt and rui.key to /etc/vmware/ssl.
    4. Run chmod 440 /etc/vmware/ssl.
  2. Install the root and intermediate CA certificates into the Linux OS Certificate Authority store.
    For information about additional system settings that must be changed to support the CA certificate chain, refer to the documentation for your Linux distribution.