You need to update trusted certificates before they expire to ensure continued client access to the Horizon FLEX server.

When a certificate expires, and a new certificate has an expiration date that is set far into the future, you can add the new certificate as a second certificate to the trusted certificates list in the Horizon FLEX Policy Server.

Adding the new certificate to the trusted certificates list enables all Horizon FLEX virtual machines to download the new certificate. Then, when the certificate switch occurs, all of the Horizon FLEX virtual machines that received the new list of certificates can connect to the Horizon FLEX server and you can remove the old trusted certificate from the policy file.

To import, export or delete certificates in the Horizon FLEX Admin Console, click the General Systems Settings icon and select Certificates.

Caution

When updating certificates, verify that the updated certificates are valid before propagating them to the virtual machine instances using a policy update. If you install an invalid certificate on the Horizon FLEX Admin Console, virtual machines with embedded certificates inherit the invalid certificate. As a result, these virtual machines will be unable to connect to the Horizon FLEX server.

When updating certificates, you should follow these guidelines:

Update certificates before the existing ones expire.

Add the new certificate from the Horizon FLEX Admin Console. Make sure that the trusted certificate list, including the old certificates and the new certificates, can be synchronized to the clients. See Configure the System Certificate Store for the Horizon FLEX Server.

Both the old and new certificates are now available in the virtual machine policy. If the Horizon FLEX server deploys both certificates, the client should continue to maintain access to the server.

After the new certificate is added to the virtual machine policy, change the server from IIS Manager to bind the new certificate to the Mirage Management Web Site. For more information, see Configure the IIS SSL Server Certificate for the Horizon FLEX Server.

After the new certificate binds to the Mirage Management Web site, the client can continue accessing the server .