You can set up trusted CA-Signed TLS server certificate to ensure that traffic between clients and desktops is not fraudulent.
Prerequisites
- Replace the default self-signed TLS server certificate with a trusted CA-signed TLS server certificate. See TLS. This creates a certificate that has the Friendly Name value vdm.
- If the client's static content is served by the desktop, set up static content delivery. See Windows - Set Up the Desktop for HTML Access.
- Familiarize yourself with the Windows Certificate Store. See "Configure Connection Server to Use a New TLS Certificate" in the Horizon Installation document.
Procedure
- In the Windows Certificate Store, navigate to Personal > Certificates.
- Double-click the certificate with Friendly Name vdm.
- Click the Details tab.
- Copy the Thumbprint value.
- Start the Windows Registry Editor.
- Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config.
- Add a new String (REG_SZ) value, SSLHash, to this registry key.
- Set the SSLHash value to the Thumbprint value.