When you add vCenter Server and View Composer instances to Horizon View, you must ensure that the SSL certificates that are used for the vCenter Server and View Composer instances are valid and trusted by View Connection Server. If the default certificates that are installed with vCenter Server and View Composer are still in place, you must determine whether to accept these certificates' thumbprints.

If a vCenter Server or View Composer instance is configured with a certificate that is signed by a CA, and the root certificate is trusted by View Connection Server, you do not have to accept the certificate thumbprint. No action is required.

If you replace a default certificate with a certificate that is signed by a CA, but View Connection Server does not trust the root certificate, you must determine whether to accept the certificate thumbprint. A thumbprint is a cryptographic hash of a certificate. The thumbprint is used to quickly determine if a presented certificate is the same as another certificate, such as the certificate that was accepted previously.

Note

If you install vCenter Server and View Composer on the same Windows Server host, they can use the same SSL certificate, but you must configure the certificate separately for each component.

For details about configuring SSL certificates, see "Configuring SSL Certificates for View Servers" in the VMware Horizon View Installation document.

You first add vCenter Server and View Composer in View Administrator by using the Add vCenter Server wizard. If a certificate is untrusted and you do not accept the thumbprint, you cannot add vCenter Server and View Composer.

After these servers are added, you can reconfigure them in the Edit vCenter Server dialog box.

Note

You also must accept a certificate thumbprint when you upgrade from an earlier release to Horizon View 5.1 or later, and a vCenter Server or View Composer certificate is untrusted, or if you replace a trusted certificate with an untrusted certificate.

On the View Administrator dashboard, the vCenter Server or View Composer icon turns red and an Invalid Certificate Detected dialog box appears. You must click Verify and follow the procedure shown here.

Similarly, in View Administrator you can configure a SAML 2.0 authenticator for use by a View Connection Server instance. If the SAML 2.0 server certificate is not trusted by View Connection Server, you must determine whether to accept the certificate thumbprint. If you do not accept the thumbprint, you cannot configure the SAML 2.0 authenticator in Horizon View. After a SAML 2.0 authenticator is configured, you can reconfigure it in the Edit View Connection Server dialog box.

1

When View Administrator displays an Invalid Certificate Detected dialog box, click View Certificate.

2

Examine the certificate thumbprint in the Certificate Information window.

3

Examine the certificate thumbprint that was configured for the vCenter Server or View Composer instance.

a

On the vCenter Server or View Composer host, start the MMC snap-in and open the Windows Certificate Store.

b

Navigate to the vCenter Server or View Composer certificate.

c

Click the Certificate Details tab to display the certificate thumbprint.

Similarly, examine the certificate thumbprint for a SAML 2.0 authenticator. If appropriate, take the preceding steps on the SAML 2.0 authenticator host.

4

Verify that the thumbprint in the Certificate Information window matches the thumbprint for the vCenter Server or View Composer instance.

Similarly, verify that the thumbprints match for a SAML 2.0 authenticator.

5

Determine whether to accept the certificate thumbprint.

Option

Description

The thumbprints match.

Click Accept to use the default certificate.

The thumbprints do not match.

Click Reject.

Troubleshoot the mismatched certificates. For example, you might have provided an incorrect IP address for vCenter Server or View Composer.