You can use a security-related group policy setting in the View Client Configuration ADM template file (vdm_client.adm) to configure SSL server certificate checking in the Windows-based View Client.

Certificate checking occurs if you configure View Connection Server to require SSL connections for client connections or for connections to View Administrator. Certificate verification includes all the following checks:

Has the certificate been revoked? Is it possible to determine whether the certificate has been revoked?

Is the certificate intended for a purpose other than verifying the identity of the sender and encrypting server communications? That is, is it the correct type of certificate?

Has the certificate expired, or is it valid only in the future? That is, is the certificate valid according to the computer clock?

Does the common name on the certificate match the host name of the server that sends it? A mismatch can occur is if a load balancer redirects the View client to a server with a certificate that does not match the host name the user entered. Another reason a mismatch can occur is if the user enters an IP address rather than a host name in the client.

Is the certificate signed by an unknown or untrusted certificate authority (CA)? Self-signed certificates are one type of untrusted CA.

To pass this check, the certificate's chain of trust must be rooted in the device's local certificate store.

When you first set up a View environment, a default self-signed certificate is used. By default, the certificate verification mode that is used is Warn But Allow. In this mode, when either of the following server certificate issues occurs, a warning is displayed, but the user can choose to continue on and ignore the warning:

A self-signed certificate is provided by the View server. In this case, it is acceptable if the certificate name does not match the View Connection Server name provided by the user in View Client.

A verifiable certificate that was configured in your deployment has expired or is not yet valid.

You can change the default certificate verification mode. You can set the mode to No Security, so that no certificate checking is done. Or you can set the mode to Full Security, so that users are not allowed to connect to the server if any one of the checks fails. You can also allow end users to set the mode for themselves.

Use the Client Configuration ADM template file to change the verification mode. ADM template files for View components are installed in the install_directory\VMware\VMware View\Server\Extras\GroupPolicyFiles directory on your View Connection Server host. For information about using these templates to control GPO settings, see the VMware View Administration document.