At installation Horizon Connection Server generates a self-signed enrollment service client certificate. You can replace this self-signed certificate with a CA-signed certificate.
The enrollment service client certificate is used for securing communication between Connection Server and the enrollment server. If you are replacing this certificate with a CA-signed certificate, the new certificate should be imported to the enrollment server and the Root CA certificate should be added to the Trusted Root Certification Authorities store on the enrollment server. For more information see the "Setting Up True SSO" section in the Horizon 8 Administration document.
Procedure
Results
When the Connection Server has accepted the new certificate, the friendly name of the certificate will change from vdm.ec.new
to vdm.ec
. If the certificate is not accepted for any reason the old certificate will be moved from LDAP to the Windows certificate store. The other servers in the cluster will fetch this certificate from LDAP.