After you import a server certificate into the Windows local computer certificate store, you must take additional steps to allow a Horizon 8 server to use the certificate.

Note: The MANAGE_CERTIFICATES privilege is required for successful import certificate functionality.

Procedure

  1. Verify that the server certificate was imported successfully.
  2. Change the certificate Friendly name to vdm.
    vdm must be lower case. Any other certificates with the Friendly name vdm must be renamed, or you must remove the Friendly name from those certificates.
  3. Install the root CA certificate and intermediate CA certificate in the Windows certificate store.
  4. Restart the Connection Server service to allow the service to start using the new certificates.
  5. If you use HTML Access, restart the Blast Secure Gateway service.

Results

To perform the tasks in this procedure, see the following topics:

For more information, see "Configure Horizon Connection Server to Use a New TLS Certificate" in the Horizon 8 Installation and Upgrade document. This section also provides details on using the Certificate Management feature in Horizon Console to import certificates and view security configuration information.

Note: The Horizon 8 Installation and Upgrade topic "Import a Signed Server Certificate into a Windows Certificate Store" is not listed here because you already imported the server certificate by using the certreq utility. You should not use the Certificate Import wizard in the MMC Snap-in to import the server certificate again.

However, you can use the Certificate Import wizard to import the root CA certificate and intermediate CA certificate into the Windows certificate store.