To configure a Connection Server instance to use a TLS certificate, you must import the server certificate and the entire certificate chain into the Windows local computer certificate store on the Connection Server host.
In a pod of replicated Connection Server instances, you must import the server certificate and certificate chain on all instances in the pod.
By default, the Blast Secure Gateway (BSG) uses the TLS certificate that is configured for the Connection Server instance on which the BSG is running. If you replace the default, self-signed certificate for a VMware Horizon server with a CA-signed certificate, the BSG also uses the CA-signed certificate.
Important: To configure Connection Server to use a certificate, you must change the certificate Friendly name to
vdm. Also, the certificate must have an accompanying private key.