Configure an Enrollment Server instance to use a CA-signed TLS certificate by importing the server certificate and the entire certificate chain into the Windows local computer certificate store on the Enrollment Server host.

Procedure

  1. Generate a CA-signed certificate meeting the requirements below.
    • Subject name: FQDN of the Enrollment Server (ES) or wildcard
    • SAN: FQDN of the Enrollment Server (ES) or wildcard
    • EKU: Server authentication
    • Set friendly name: vdm.es
    • Private key must be marked exportable.
    • Signature algorithm to use: SHA384/SHA512
  2. In the MMC window on the Windows Server host, expand the Certificates (Local Computer) node and select the VMware Horizon View Certificates folder.
  3. In the Actions pane, go to More Actions > All Tasks > Import.
  4. Select the certificate file and click Open. To display your certificate file type, you can select its file format from the File name drop-down menu.
  5. Type the password for the private key that is included in the certificate file.
  6. Select Mark this key as exportable.
  7. Select Include all extended properties.
  8. Click Next and click Finish. The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder.
  9. Verify that the new certificate contains a private key.
    • In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new certificate.
    • In the General tab of the Certificate Information dialog box, verify that the following statement appears: You have a private key that corresponds to this certificate.
  10. Modify the certificate Friendly name to vdm.es.
  11. Restart the VMware Horizon View Enrollment Server Service to make your changes take effect.
    Note: You must copy the root certificate that was used to generate the Enrollment Server certificate to the Trusted Root Certification Authorities store on the Connection servers.
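
The checks in steps 1 and 9 can also be confirmed from PowerShell on the Enrollment Server host once the import is done. The script below is an added example, not part of the original procedure or VMware-supplied code; the host name es01.example.test is a placeholder, and the helper Test-NameMatch and the output field names are made up for this illustration.

```powershell
# Added verification sketch, not VMware-supplied code.
$friendlyName  = 'vdm.es'              # friendly name required by the procedure
$esFqdn        = 'es01.example.test'   # placeholder: the Enrollment Server FQDN
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # EKU OID for Server Authentication

# A wildcard name covers exactly one left-most label; string -eq is case-insensitive.
function Test-NameMatch([string]$Name, [string]$Fqdn) {
    if ($Name -eq $Fqdn) { return $true }
    if (-not $Name.StartsWith('*.')) { return $false }
    return $Fqdn.Substring($Fqdn.IndexOf('.') + 1) -eq $Name.Substring(2)
}

# Search every local-computer store, so no internal store name has to be assumed.
$certs = @(Get-ChildItem -Path Cert:\LocalMachine -Recurse | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
    $_.FriendlyName -eq $friendlyName
})
if ($certs.Count -eq 0) { Write-Warning "No certificate has friendly name '$friendlyName'." }

foreach ($cert in $certs) {
    # Collect the EKU OIDs straight from the certificate's extensions.
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })

    # Build the chain locally without revocation lookups, so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Store          = ($cert.PSParentPath -split '\\')[-1]
        Thumbprint     = $cert.Thumbprint
        HasPrivateKey  = $cert.HasPrivateKey
        ServerAuthEku  = $ekuOids -contains $serverAuthOid
        NameMatchesEs  = [bool]($cert.DnsNameList.Unicode | Where-Object { Test-NameMatch $_ $esFqdn })
        SignatureAlg   = $cert.SignatureAlgorithm.FriendlyName
        Sha384OrSha512 = $cert.SignatureAlgorithm.FriendlyName -match 'sha(384|512)'
        ChainTrusted   = $chainOk
        ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        NotAfter       = $cert.NotAfter
    }
}
```

Exactly one certificate should be reported, with every Boolean field True. A False in ChainTrusted usually means an intermediate or root certificate from the chain was not imported on this host.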