VMware Horizon Community
walkerjg
Contributor

Can we use Active Directory Certificates on our Connection & Security Servers instead of Thawte or Verisign certificates?

We are running Horizon View v6.1. We have 4 Security Servers (each paired with 1 unique Connection Server). Our 4 Security Servers sit in a pool behind a Load Balancer Virtual IP (DNS name software.myschool.edu). We have a Thawte certificate which terminates on the Load Balancer for software.myschool.edu. Our Load Balancer is configured to terminate SSL for the clients and re-encrypt to the View servers.

Currently, the certificate called "software.myschool.edu" has additional subject alternative names for each Security Server and Connection Server. Therefore the certificate supports a total of 9 DNS names and is placed on the 4 Security Servers, 4 Connection Servers (with friendly name "vdm") and the Load Balancer VIP.

Our theory is that we really only need the Thawte certificate at the Load Balancer level (being that the external clients talk directly to the Load Balancer). Our external clients never speak directly to the Security Servers or Connection Servers. As I mentioned, the Security Servers are in a pool on our Load Balancer and, if I understand correctly, the Security Servers speak to the Connection Servers.

That being said, is it possible to renew our certificate (software.myschool.edu) with no additional subject alternative names and place that certificate on our Load Balancer, and then create Active Directory Certificates (using the Connection/Security Server's hostname with friendly name "vdm") for our Security and Connection Servers?

Please note: we are using HTML5 and PCoIP for our applications and VDI desktops (all through our Load Balancer; PCoIP is proxied by the Security Servers). We also have VIDM installed, but this is a separate VIP on our Load Balancer with a separate Thawte certificate. It is our understanding that VIDM hands off the traffic to our View environment (software.myschool.edu) once the user clicks on an app or VDI desktop and is not involved with the View environment.
