You must import the TLS server certificate into the Windows local computer certificate store on the Windows Server host on which Connection Server is installed.

Depending on your certificate file format, the entire certificate chain that is contained in the keystore file might be imported into the Windows local computer certificate store. For example, the server certificate, intermediate certificate, and root certificate might be imported.

For other types of certificate files, only the server certificate is imported into the Windows local computer certificate store. In this case, you must take separate steps to import the root certificate and any intermediate certificates in the certificate chain.

For more information about certificates, consult the Microsoft online help available with the Certificate snap-in to MMC.

Note: If you off-load TLS connections to an intermediate server, you must import the same TLS server certificate onto both the intermediate server and the off-loaded VMware Horizon server. For details, see "Off-load TLS Connections to Intermediate Servers" in the Scenarios for Setting Up TLS Certificates for Horizon document.

Prerequisites

Verify that the Certificate snap-in was added to MMC. See Add the Certificate Snap-In to MMC.

Procedure

  1. In the MMC window on the Windows Server host, expand the Certificates (Local Computer) node and select the Personal folder.
  2. In the Actions pane, go to More Actions > All Tasks > Import.
  3. In the Certificate Import wizard, click Next and browse to the location where the certificate is stored.
  4. Select the certificate file and click Open.
    To display your certificate file type, you can select its file format from the File name drop-down menu.
  5. Type the password for the private key that is included in the certificate file.
  6. Select Mark this key as exportable.
  7. Select Include all extended properties.
  8. Click Next and click Finish.
    The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder.
  9. Verify that the new certificate contains a private key.
    1. In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new certificate.
    2. In the General tab of the Certificate Information dialog box, verify that the following statement appears: You have a private key that corresponds to this certificate.

What to do next

Modify the certificate Friendly name to vdm.