You can create a self-signed certificate for the Horizon FLEX server by using OpenSSL.

Note

If the certificate is commercially issued by a trusted root certificate authority or intermediate certificate authority, this task is not required.

The OpenSSL configuration file is created on the Mirage Gateway Server. See the Mirage documentation at https://www.vmware.com/support/pubs/mirage_pubs.html.

1

At the OpenSSL command prompt, create a certificate: $ openssl req -new -days expiration time -x509 -newkey rsa:2048 - keyout key filename -outcertificate filename -nodes

expiration time represents the number of days that the certificate should be valid, key filename represents the filename for the key, and certificate filename represents the new certificate name.

A self-signed certificate and a private key are generated. The certificate uses a 2048-bit RSA key and does not protect the key with a passphrase.

2

When prompted, enter the country name, state name, locality, organization name, and organizational unit name.

3

In the Common Name text box, enter the host name of the Horizon FLEX server to be protected.

This text box must be completed.

4

Enter the email address.

The self-signed certificate and associated private key are generated.

5

If the private key must be in .pfx format , enter the following command by using the certificate name and key filename generated in the previous steps: $ openSSL pkcs12 -export -outoutput pfx filename -inkey key filename -in certificate name

A new password-protected .pfx file is generated that can be deployed on any device that requires .pfx certificates instead of PEM certificates.