Hi,
we have Horizon 7.4.0 deployment which has no internet connectivity and I have used wildcard SSL certificates issued by commercial CA.
As per KB 2000063 (VMware Knowledge Base) this is caused because CRL list is not accessible from connection server so I have implemented the suggested workaround described in the article or in the Horizon documentation (Configuring Certificate Revocation Checking on Server Certificates).
If you have your own CA but do not or cannot include certificate revocation information in your certificate, you can choose not to check certificates for revocation or to check only certain certificates in a chain. On the server, with the Windows Registry Editor, you can create the string (REG_SZ) value CertificateRevocationCheckType, under HKLM\Software\VMware, Inc.\VMware VDM\Security, and set this value to one of the following data values.
Value | Description |
|---|
1 | Do not perform certificate revocation checking. |
But it seems that this doesn't work for commercial CA, like comodo, godaddy, ...
Do I have any other option here to make certificate trusted ?
Thank you.
