You configure certificates for Horizon 8 by importing the certificates into the Windows local computer certificate store on the Horizon 8 server host.

Before you can import a certificate, you must generate a Certificate Signing Request (CSR) and obtain a valid, signed certificate from a CA. If the CSR is not generated according to the example procedure described in this scenario, the resulting certificate and its private key must be available in a PKCS#12 (formerly called PFX) format file.

There are many ways to obtain TLS certificates from a CA. This scenario shows how to use the Microsoft certreq utility to generate a CSR and make a certificate available to a Horizon 8 server. You can use another method if you are familiar with the required tools and they are installed on your server.

Use this scenario to solve the following problems:

• You do not have TLS certificates that are signed by a CA, and you do not know how to obtain them
• You have valid, signed TLS certificates, but they are not in PKCS#12 (PFX) format

If your organization provides you with TLS certificates that are signed by a CA, you can use these certificates. Your organization can use a valid internal CA or a third-party, commercial CA. If your certificates are not in PKCS#12 format, you must convert them. See Convert a Certificate File to PKCS#12 Format.

When you have a signed certificate in the proper format, you can import it into the Windows certificate store and configure a Horizon 8 server to use it. See Set Up an Imported Certificate for a Horizon 8 Server.