Configure an Enrollment Server instance to use a CA-signed TLS certificate by importing the server certificate and the entire certificate chain into the Windows local computer certificate store on the Enrollment Server host.
Procedure
- Generate a CA-signed certificate meeting the requirements below.
  - Subject name: FQDN of ES or wildcard
  - SAN: FQDN of ES or wildcard
  - EKU: Server authentication
  - Set friendly name: vdm.es
  - Private key must be marked exportable.
  - Signature algorithm to use: SHA384/SHA512
- In the MMC window on the Windows Server host, expand the Certificates (Local Computer) node and select the VMware Horizon View Certificates folder.
- In the Actions pane, go to More Actions > All Tasks > Import.
- Select the certificate file and click Open. To display your certificate file type, you can select its file format from the File name drop-down menu.
- Type the password for the private key that is included in the certificate file.
- Select Mark this key as exportable.
- Select Include all extended properties.
- Click Next and click Finish. The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder.
- Verify that the new certificate contains a private key.
  - In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new certificate.
  - In the General tab of the Certificate Information dialog box, verify that the following statement appears: You have a private key that corresponds to this certificate.
- Modify the certificate Friendly name to vdm.es.
- Restart the VMware Horizon View Enrollment Server Service to make your changes take effect.
Note: You must copy the root certificate that was used to generate the Enrollment Server certificate to the Trusted Root Certification Authorities store on the Connection servers.
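The following PowerShell script is an added example, not part of the original procedure or of VMware's tooling. It checks the imported certificate against the requirements listed above before you restart the service. The store path (the local computer Personal store) and the FQDN `es01.example.test` are assumptions; replace them with your own values.

```powershell
# Added example: verify the imported certificate against this page's requirements.
param(
    [string]$StorePath = 'Cert:\LocalMachine\My',  # assumption: Personal store, local computer
    [string]$EsFqdn    = 'es01.example.test'       # constructed placeholder FQDN
)

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'  # EKU: Server Authentication

# Exactly one certificate should carry the friendly name vdm.es.
$certs = @(Get-ChildItem -Path $StorePath | Where-Object { $_.FriendlyName -eq 'vdm.es' })
if ($certs.Count -ne 1) {
    throw "Expected one certificate with friendly name 'vdm.es' in $StorePath, found $($certs.Count)."
}
$cert = $certs[0]

# A DNS name matches if it equals the FQDN or is a wildcard for its parent domain.
$parent = $EsFqdn.Substring($EsFqdn.IndexOf('.') + 1)
$nameOk = [bool]($cert.DnsNameList | Where-Object {
    $_.Unicode -ieq $EsFqdn -or $_.Unicode -ieq "*.$parent"
})

# Confirm the whole chain was imported. Revocation is skipped here so the check
# works offline; it tests chain construction and trust only.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($cert)

# RSASSA-PSS certificates report 'RSASSA-PSS' as the algorithm name and need manual inspection.
$results = [ordered]@{
    'Private key present'          = $cert.HasPrivateKey
    'DNS name covers FQDN'         = $nameOk
    'EKU Server Authentication'    = $ServerAuthOid -in $cert.EnhancedKeyUsageList.ObjectId
    'Signature SHA384/SHA512'      = $cert.SignatureAlgorithm.FriendlyName -match 'sha(384|512)'
    'Chain builds to trusted root' = $chainOk
}

$results.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
if ($results.Values -contains $false) { exit 1 }
```

The script does not test whether the private key is marked exportable; confirm that during import as described in the procedure.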