Horizon Client and the Horizon console communicate with a connection broker over secure HTTPS connections. Information about the server certificate on the connection broker is communicated to the client as part of the TLS handshake between client and server.

The initial Horizon Client connection, which is used for user authentication and remote desktop and application selection, is created when a user opens Horizon Client and provides a fully qualified domain name for the connection broker or Unified Access Gateway host. The console connection is created when an administrator enters the console URL into a web browser.

In VMware Horizon 8 environments a default TLS server certificate is generated during Connection Server installation. By default, TLS clients are presented with this certificate when they visit a secure page such as the Horizon console.

You can use the default certificate for testing, but you should replace it with your own certificate as soon as possible. The default certificate is not signed by a commercial Certificate Authority (CA). Use of non-certified certificates can allow untrusted parties to intercept traffic by masquerading as your server.