You can use a security-related group policy setting in the View Client Configuration ADM template file (vdm_client.adm) to configure SSL server certificate checking in the Windows-based View Client.

Certificate checking occurs for SSL connections between View Connection Server and View Client. Certificate verification includes all the following checks:

Has the certificate been revoked? Is it possible to determine whether the certificate has been revoked?

Is the certificate intended for a purpose other than verifying the identity of the sender and encrypting server communications? That is, is it the correct type of certificate?

Has the certificate expired, or is it valid only in the future? That is, is the certificate valid according to the computer clock?

Does the common name on the certificate match the host name of the server that sends it? A mismatch can occur if a load balancer redirects the View client to a server with a certificate that does not match the host name the user entered. A mismatch can also occur if the user enters an IP address rather than a host name in the client.

Is the certificate signed by an unknown or untrusted certificate authority (CA)? Self-signed certificates are one type of untrusted CA.

To pass this check, the certificate's chain of trust must be rooted in the local certificate store of the device.

When you first set up a View environment, a default self-signed certificate is used. By default,Warn But Allowis the certificate verification mode. In this mode, when either of the following server certificate issues occurs, a warning is displayed, but the user can choose to continue on and ignore the warning:

A self-signed certificate is provided by the View server. In this case, it is acceptable if the certificate name does not match the View Connection Server name provided by the user in View Client.

A verifiable certificate that was configured in your deployment has expired or is not yet valid.

You can change the default certificate verification mode. You can set the mode to No Security, so that no certificate checking is done, or you can set the mode to Full Security, so that users are not allowed to connect to the server if any one of the checks fails. You can also allow end users to set the mode for themselves.

Use the Certificate verification mode group policy setting in the Client Configuration ADM template file to change the verification mode. When this group policy setting is configured, the setting is locked in View Client. Users can view the selected verification mode in View Client, but cannot configure the setting. When this group policy setting is not configured or disabled, View Client users can select a verification mode.

ADM template files for View components are installed in the install_directory\VMware\VMware View\Server\Extras\GroupPolicyFiles directory on your View Connection Server host. For information about using these templates to control GPO settings, see the VMware Horizon View Administration document.