Install VMware Horizon Connection Server Certificate

Installing an SSL/TLS certificate on the VMware Horizon Connection Server is a common task. The whole process may feel daunting if you’ve never installed a certificate on the Horizon Connection Server.

VMware Horizon has had a few names, and some of those old names are still present at its core. VMware Horizon was originally called VMware VDM (Virtual Desktop Manager), later renamed VMware Horizon View, and today, it is called Horizon.

In this post, I will show you step-by-step how to install a certificate on the Horizon Connection Server and update the VMware Unified Access Gateway appliance to reflect the changes.

Prerequisites

• Install the PFX certificate on the VMware Horizon Connection Server if you need to learn how my post Install PFX Certificate in Windows details all the steps.

The Process

The process is broken up into two sections. The first section details the steps needed on the VMware Horizon Connection Server, and the second section details the steps needed on the VMware Unified Access Gateway appliance.

VMware Horizon Connection Server

• Connect to your Horizon Connection Server
• Open MMC.
• Add the Certificates Snap-in.

• Select Computer account and click Next.

• Select Local computer and click Finish.

• Click OK to close the Add or Remove Snap-ins window.

• Expand out Certificates (Local Computer) > Personal > Certificates.

• You will see that one of the certificates has the friendly name vdm.

We need to change the old certificate’s name from vdm to something else. The VMware Horizon Connection Server is looking for the certificate with the friendly name vdm. It won’t work if there are none or if there are two of them named vdm.

• Right-click on the certificate currently named VDM and click on Properties.

• Change the Friendly name to something other than VDM. I will use the name original cert.
• Click Apply, then click OK.

• Right-click on the new certificate and click on Properties.

• Change the Friendly name to vdm.
• Click Apply, then click OK.

• Open Services.

• Restart the VMware Horizon View Connection Server service.

• The new certificate will be active once the VMware Horizon Connection Server service has finished restarting.

If you run into the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, double-check everything. This error can show up if you have more than one friendly name of vdm, or exporting the private key wasn’t enabled when the PFX was installed, or the CSR was created using (No template) CNG key.

VMware Unified Access Gateway

Before we make any changes to the UAG, we need to collect the certificate thumbprint.

• Go to the URL of your VMware Horizon Connection Server in a web browser.
• Click on the lock icon to View site information.

• Click on Connection is secure.

• Click on the certificate icon to show the certificate.

• Under SHA-256 Fingerprints, copy the value for the certificate. We will need this on the UAG.

• Login to the UAG.

• Select Configure Manually

• Toggle the option to show Edge Services Settings.

• Click on Horizon Settings.

• For the Connection Server URL Thumbprint, enter sha256= then enter the fingerprint we copied earlier.
• Click Save.

That’s all it takes to install a certificate on the VMware Horizon Connection Server and to update the VMware Unified Access Gateway appliance with the updated certificate thumbprint.

If you want to read more about TLS certificates on the VMware Horizon Connection Server, here is the Omnissa documentation.

Related posts:

Install VMware Horizon Connection Server VMware Unified Access Gateway Certificate Install Install VMware vCenter Certificate in Windows VMware Horizon Desktop Pool without vCenter