The first thing to check is which certificate has expired, I recommend you access the OS of one of the connection servers and check, launching the SNAP-IN of the local certificates of the computer
Check in the certificate store called personal which certificate to the VDM friendly name and verify its expiration date (as indicated in the arrow)
If the certificate has expired (as likely) you have to renew it and here you have two ways:
- The certificate is issued by a public CA (at this point you must request the renewal of the certificates from the person who generates the certificate for you)
- If the certificate is issued by an internal PKI (such as a Microsoft ROOTCA) you must renew by asking who you managed your company's internal PKI.
You can check if it is a certificate issued by a public or private CA by clicking on the certificate in question
You can also tell if the FQDN to which the certificate is linked is a private or public domain name.
Once you have the certificate just install it on the operating systems that host the various connection servers and give it the friendly name VDM.
A possible way, but I do not recommend it is to configure all horizon clients (Thinclient or windows client not to verify the certificate) but it is highly discouraged.