You must follow certain guidelines for configuring SSL certificates for View servers and related components.

SSL is required for View Client connections to View. Client-facing View Connection Server instances, security servers, and intermediate servers that terminate SSL connections require SSL server certificates.

By default, when you install View Connection Server or security server, the installation generates a self-signed certificate for the View server. However, the installation uses an existing certificate in the following cases:

If a valid certificate with a Friendly name of vdm already exists in the Windows Certificate Store

If you upgrade to View 5.1 or later from an earlier release, and a valid keystore file is configured on the Windows Server computer. The installation extracts the keys and certificates and imports them into the Windows Certificate Store.

Before you add vCenter Server and View Composer to View Manager in a production environment, make sure that vCenter Server and View Composer use certificates that are signed by a CA.

For information about replacing the default certificate for vCenter Server, see "Replacing vCenter Server Certificates" on the VMware Technicap Papers site at

If you install vCenter Server and View Composer on the same Windows Server host, they can use the same SSL certificate, but you must configure the certificate separately for each component.

To comply with industry or jurisdiction security regulations, you can replace the default SSL certificate that is generated by the PCoIP Secure Gateway (PSG) service with a certificate that is signed by a CA. Configuring the PSG service to use a CA-signed certificate is highly recommended, particularly for deployments that require you to use security scanners to pass compliance testing. See Configure the PCoIP Secure Gateway to Use a New SSL Certificate.

By default, the Blast Secure Gateway (BSG) uses the SSL certificate that is configured for the View Connection Server instance or security server on which the BSG is running. If you replace the default, self-signed certificate for a View server with a CA-signed certificate, the BSG also uses the CA-signed certificate.

You do not have to configure SSL certificates for View Transfer Server if you are installing View 5.1 or later.

A default, self-signed certificate is installed with View Transfer Server that View Connection Server uses to handle secondary connections to View Clients. See View Transfer Server and SSL Certificates.

VMware Horizon Suite uses SAML 2.0 authenticators to provide Web-based authentication and authorization across security domains. If you want View to delegate authentication to the Horizon Suite, you can configure View to accept SAML 2.0 authenticated sessions from Horizon Suite. When Horizon Application Manager is configured to support View, Horizon users can connect to View desktops by selecting desktop icons on the Horizon User Portal.

In View Administrator, you can configure SAML 2.0 authenticators for use with View Connection Server instances.

Before you add a SAML 2.0 authenticator in View Administrator, make sure that the SAML 2.0 authenticator uses a certificate that is signed by a CA.

For general information about requesting and using SSL certificates that are signed by a CA, see Benefits of Using SSL Certificates Signed by a CA.

When View Clients connect to a View Connection Server instance or security server, they are presented with the View server's SSL server certificate and any intermediate certificates in the trust chain. To trust the server certificate, the client systems must have installed the root certificate of the signing CA.

When View Connection Server communicates with vCenter Server and View Composer, View Connection Server is presented with SSL server certificates and intermediate certificates from these servers. To trust the vCenter Server and View Composer servers, the View Connection Server computer must have installed the root certificate of the signing CA.

Similarly, if a SAML 2.0 authenticator is configured for View Connection Server, the View Connection Server computer must have installed the root certificate of the signing CA for the SAML 2.0 server certificate.