When you configure CRL checking, VMware Horizon reads a CRL to determine the revocation status of a smart card user certificate.

Prerequisites

Familiarize yourself with the locked.properties file properties for CRL checking. See Smart Card Certificate Revocation Checking Properties.

Procedure

  1. Create or edit the locked.properties file in the TLS/SSL gateway configuration folder on the Connection Server host.
    For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties
  2. Add the enableRevocationChecking and crlLocation properties to the locked.properties file.
    1. Set enableRevocationChecking to true to enable smart card certificate revocation checking.
    2. Set crlLocation to the location of the CRL. The value can be a URL or a file path.
  3. Restart the Connection Server service to make your changes take effect.

Example: locked.properties File

The file shown enables smart card authentication and smart card certificate revocation checking, configures CRL checking, and specifies a URL for the CRL location.

trustKeyfile=lonqa.key
trustStoretype=jks
useCertAuth=true
enableRevocationChecking=true
crlLocation=http://root.ocsp.net/certEnroll/ocsp-ROOT_CA.crl

To specify multiple CRL location properties, add the properties as follows:

crlLocation.1=http://location1.crl
crlLocation.2=http://location2.crl

Restart the Connection Server or security server to make your changes take effect.
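
Example: Checking a locked.properties File Before Restart

The following Python script is an added example, not VMware code. It reads the text of a locked.properties file and reports mistakes that would leave CRL checking off or without a CRL to read. The function name audit, the exact-case comparison of property names, and the BAD sample are assumptions of this example.

```python
import re
# Property names from the page; exact-case matching is an assumption of this example.
KNOWN = ("enableRevocationChecking", "crlLocation", "useCertAuth",
         "trustKeyfile", "trustStoretype")
CRL_KEY = re.compile(r"^crlLocation(\.\d+)?$")
# The page's example file, and a constructed file with deliberate mistakes.
GOOD = """
trustKeyfile=lonqa.key
trustStoretype=jks
useCertAuth=true
enableRevocationChecking=true
crlLocation=http://root.ocsp.net/certEnroll/ocsp-ROOT_CA.crl
""".strip()
BAD = """
# constructed sample
useCertAuth=true
EnableRevocationChecking=true
crlLocation.1=http://location1.crl
crlLocation.1=http://location2.crl
crlLocation.2=
""".strip()


def audit(text):
    """Return findings about CRL checking; an empty list means none were found."""
    findings, props, first_seen = [], {}, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            findings.append(f"line {no}: no '=' found")
            continue
        base = key.split(".")[0]
        for name in KNOWN:                       # same name, different case
            if base.lower() == name.lower() and base != name:
                findings.append(f"line {no}: '{key}' differs in case from '{name}'")
        if key in first_seen:
            findings.append(f"line {no}: '{key}' repeats line {first_seen[key]}")
        first_seen.setdefault(key, no)
        props[key] = value
        if CRL_KEY.match(key) and not value:
            findings.append(f"line {no}: '{key}' has no value")
    if props.get("enableRevocationChecking", "").lower() != "true":
        findings.append("enableRevocationChecking is not true: revocation checking is off")
    if not any(CRL_KEY.match(k) and v for k, v in props.items()):
        findings.append("no crlLocation value: no CRL to read")
    return findings
```

Call audit on the contents of the file and review any findings before you restart the Connection Server service.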