When a Connection Server instance is installed, the installer creates a registry setting with a value that contains the FQDN of the computer. You must verify that this value matches the server name part of the URL that security scanners use to reach the PSG port. The server name also must match the subject name or a subject alternate name (SAN) of the TLS certificate that you intend to use for the PSG.

For example, if a scanner connects to the PSG with the URL https://view.customer.com:4172, the registry setting must have the value view.customer.com. Note that the FQDN of the Connection Server computer that is set during installation might not be the same as this external server name.

Procedure

  1. Start the Windows Registry Editor on the Connection Server host where the PCoIP Secure Gateway is running.
  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Teradici\SecurityGateway\SSLCertPsgSni registry setting.
  3. Verify that the value of the SSLCertPsgSni setting matches the server name in the URL that scanners will use to connect to the PSG and matches the subject name or a subject alternate name of the TLS certificate that you intend to install for the PSG.
    If the value does not match, replace it with the correct value.
  4. To make your changes take effect, restart the VMware Horizon PCoIP Secure Gateway service.

What to do next

Import the CA-signed certificate into the Windows local computer certificate store and configure the certificate Friendly name.