Some enterprises use certificates generated by their own company or other certificate authorities. These certificates have not been included in the trusted certificate authority list.

All communication in the vApp is processed by the Horizon Workspace FQDN server. Horizon Workspace pre-loads the machines in the vApp to trust the major certificate vendors. As a result, if custom SSL certificates chain to one of the major certificate vendors or if you want to use a new private certificate, you can apply the new certificate by copying it to the load balancers, Gateway, or Connector.

If Horizon Workspace FQDN points to a load balancer, the SSL certificate can only be applied to the load balancer. Since the load balancer communicates with the gateway-va virtual machine, you must copy the Horizon Workspace root CA certificate to the load balancer as a trusted root certificate. When you update your certificate, if you are using View integration, you must follow the steps in Establish SSL Trust between the Connector and the View Connection Server.

When you use multiple load balancers, you must copy both your major and private certificates to all of them. If you do not use a load balancer, the Horizon Workspace FQDN points to the gateway-va virtual machine. In this case, you must apply the SSL certificate to the gateway-va virtual machine.

1

Apply the certificate to each of your load balancers. Refer to the documentation from your load balancer vendor.

2

Apply the certificate to the gateway-va virtual machine.

a

Go to Configurator virtual machine at https://configurator-va.

b

Log in and click SSL Certificate.

c

Copy the complete certificate chain and private key. Ensure that the certificate includes the Horizon Workspace FQDN hostname in the CN.

d

Save the SSL certificate.

The Configurator copies the certificate to the gateway-va virtual machine.

3

If your deployment uses external connectors that grant users access to the connector as an IDP URL either directly or through a load balancer, apply the certificate to the connector-va virtual machine.

a

Go to Connector virtual machine at https://connector-va/hc/admin.

b

Log in and click SSL Certificate.

c

Copy the complete certificate chain and private key. Ensure that the certificate includes the FQDN hostname for the connector-va virtual machine in the CN.

d

Save the SSL certificate.

The Configurator copies the certificate to the connector-va virtual machine.

4

Verify that users can log in successfully.

Horizon Workspace will use the newly applied certificate.