If your organization does not provide you with an TLS server certificate, you must request a new certificate that is signed by a CA. To obtain a new signed certificate you must generate a Certificate Signing Request (CSR) and submit a certificate request to a CA. You can do this from the Horizon Console.

Note: The MANAGE_CERTIFICATES privilege is required for successful CSR generation.

Procedure

  1. Click Generate CSR from the Certificate Management page.
  2. Enter a subject name, for example, the current Connection Server name. If you are using a wildcard, enter an alternative name as well.
    Note:
    • The subject name must be in the form of the supported X.500 keys, for example, CN, L, O, OU, E, C, S, ST, T Title, G, I, SN, DC. See X.500 distinguished name for details.
  3. Click Generate CSR.
  4. Use the Copy and the Download buttons to copy or download the CSR, then provide it to your CA to give you a CA-signed PEM certificate. The downloaded file is named certificate_<timestamp>.csr.
  5. You can then import the PEM certificate using the Import button.