You can set up trusted CA-Signed TLS server certificate to ensure that traffic between clients and desktops is not fraudulent.

Prerequisites

  • Replace the default self-signed TLS server certificate with a trusted CA-signed TLS server certificate. See TLS. This creates a certificate that has the Friendly Name value vdm.
  • If the client's static content is served by the desktop, set up static content delivery. See Windows - Set Up the Desktop for HTML Access.
  • Familiarize yourself with the Windows Certificate Store. See "Configure Connection Server to Use a New TLS Certificate" in the Horizon Installation document.

Procedure

  1. In the Windows Certificate Store, navigate to Personal > Certificates.
  2. Double-click the certificate with Friendly Name vdm.
  3. Click the Details tab.
  4. Copy the Thumbprint value.
  5. Start the Windows Registry Editor.
  6. Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config.
  7. Add a new String (REG_SZ) value, SSLHash, to this registry key.
  8. Set the SSLHash value to the Thumbprint value.