OleWeel
Enthusiast
Enthusiast

Certificate question

Jump to solution

Hi,

We a configuring a Horizon View in a closed network, no access to internet.

I was wondering about the certificate that is created under installation, as I understand this certificate should be replaced since this system will be production.

Do we need to create a own CA system within our domain for this ? Or is it possible to create a CSR and request some kind of certificate from a certificate vendor like godaddy.com ? or will this fails since we don`t have access to internet and it will then not be able to verify the chain ?

I don`t have much knowledge when it comes to certificates

Thanks for reply

Regards Andreas
0 Kudos
1 Solution

Accepted Solutions
andiwe79
Enthusiast
Enthusiast

Hi,

you can use a certificate of your own CA as well as a valid certificate from any other public CA.
If you use your own CA you should make sure that your root certificate is trusted by the clients. If not then they would get the error as now with the self signed one.

If you request a certificate please make sure you read the guide (obtaining a signed ssl certificate) regarding e.g. key length.

CRL should be in place but is not needed. If you can't reach the CRL and Horizon displays the servers red/faulty in admin gui please check this KB: VMware Knowledge Base

Best regards

Andi

View solution in original post

0 Kudos
1 Reply
andiwe79
Enthusiast
Enthusiast

Hi,

you can use a certificate of your own CA as well as a valid certificate from any other public CA.
If you use your own CA you should make sure that your root certificate is trusted by the clients. If not then they would get the error as now with the self signed one.

If you request a certificate please make sure you read the guide (obtaining a signed ssl certificate) regarding e.g. key length.

CRL should be in place but is not needed. If you can't reach the CRL and Horizon displays the servers red/faulty in admin gui please check this KB: VMware Knowledge Base

Best regards

Andi

View solution in original post

0 Kudos