When you receive updated server TLS certificates or intermediate certificates, you import the certificates into the Windows local computer certificate store on each Connection host.

Typically, server certificates expire after 12 months. Root and intermediate certificates expire after 5 or 10 years.

Prerequisites

  • Obtain updated server and intermediate certificates from the CA before the currently valid certificates expire.
  • Verify that the Certificate snap-in was added to MMC on the Windows Server on which the Connection Server instance was installed.

Procedure

  1. Import the signed TLS server certificate into the Windows local computer certificate store on the Windows Server host.
    1. In the Certificate snap-in, import the server certificate into the Certificates (Local Computer) > Personal > Certificates folder.
    2. Select Mark this key as exportable.
    3. Click Next and click Finish.
  2. For Connection Server, delete the certificate Friendly name, vdm, from the old certificate that was issued to the VMware Horizon server.
    1. Right-click the old certificate and click Properties
    2. On the General tab, delete the Friendly name text, vdm.
  3. For Connection Server, add the certificate Friendly name, vdm, to the new certificate that is replacing the previous certificate.
    1. Right-click the new certificate and click Properties
    2. On the General tab, in the Friendly name field, type vdm.
    3. Click Apply and click OK.
  4. If intermediate certificates are issued to a Connection Server host, import the most recent update to the intermediate certificates into the Certificates (Local Computer) > Intermediate Certification Authorities > Certificates folder in the Windows certificate store.
  5. Restart the VMware Horizon Connection Server service to make your changes take effect.