Horizon Client and Horizon Console communicate with a Horizon Connection Server host over secure HTTPS connections. Information about the server certificate on Connection Server is communicated to the client as part of the TLS handshake between client and server.
The initial Horizon Client connection, which is used for user authentication and remote desktop and application selection, is created when a user opens Horizon Client and provides a fully qualified domain name for the Connection Server or Unified Access Gateway host. The Horizon Console connection is created when an administrator types the Horizon Console URL into a web browser.
A default TLS server certificate is generated during Connection Server installation. By default, TLS clients are presented with this certificate when they visit a secure page such as Horizon Console.
You can use the default certificate for testing, but you should replace it with your own certificate as soon as possible. The default certificate is not signed by a commercial Certificate Authority (CA). Use of non-certified certificates can allow untrusted parties to intercept traffic by masquerading as your server.