Windows - Set Up Trusted CA-Signed TLS Server Certificate

You can set up trusted CA-Signed TLS server certificate to ensure that traffic between clients and desktops is not fraudulent.

Prerequisites

Replace the default self-signed TLS server certificate with a trusted CA-signed TLS server certificate. See TLS. This creates a certificate that has the Friendly Name value vdm.
If the client's static content is served by the desktop, set up static content delivery. See Windows - Set Up the Desktop for HTML Access.
Familiarize yourself with the Windows Certificate Store. See "Configure Connection Server to Use a New TLS Certificate" in the Horizon 8 Installation and Upgrade document.

In the Windows Certificate Store, navigate to Personal > Certificates.
Double-click the certificate with Friendly Name vdm.
Click the Details tab.
Copy the Thumbprint value.
Start the Windows Registry Editor.
Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config.
Add a new String (REG_SZ) value, SSLHash, to this registry key.
Set the SSLHash value to the Thumbprint value.