Home > Blogs > Horizon Tech Blog


SSL certs in Horizon Cloud on Azure

A while ago I wrote about Certificates and how to convert between different encodings (https://blogs.vmware.com/horizontech/2018/08/vmware-identity-manager-and-certificates.html). While the post was mainly for VMware Identity Manager customers many of VMware’s products make use of the same certificate basics.

Felix Block, @fligh_MUC, is a colleague of mine and he pointed out a couple Horizon Cloud specific requirements when it comes to certificates.. So here’s his notes on the topic.

The UAG (used to access Desktops and Apps via Internet) require during the setup a PEM encoded certificate. This certificate needs to have the private key and has to be in the following order: 

—–BEGIN RSA PRIVATE KEY—–
(Your Private Key: your_domain_name.key)
—–END RSA PRIVATE KEY—– 

—–BEGIN CERTIFICATE—–
(Your Primary SSL certificate: your_domain_name.crt)
—–END CERTIFICATE—– 

—–BEGIN CERTIFICATE—–
(Your Intermediate certificate: Intermediate.crt)
—–END CERTIFICATE—– 

—–BEGIN CERTIFICATE—–
(Your Root certificate: TrustedRoot.crt)
—–END CERTIFICATE—–

You can change the UAG certificate after your installation in the Cloud Control Plane at any time

The Smartnode in Horizon Cloud on Azure can be used for internal access to your Desktops and Apps and require the certificate and key in separate files and not as PEM encoded certificate. Using the Smartnode for internal access is optional and therefore you may not need to update the certificate.

Make sure you extract the following parts to update the Smartnode certificate

CA Certificate (.crt), SSL Certificate (.crt) and Private Key (.key)

This entry was posted in Uncategorized on by .
Peter Bjork

About Peter Bjork

Peter Bjork is a Senior Staff EUC Architect at VMware EUC Technical Marketing. Peter came to VMware with the acquisition of Thinstall. He is the author of the books “VMware ThinApp 4.7 Essentials” and "VMware Horizon Workspace Essentials". Peter lives in Sweden with his wife and two kids. You can follow Peter on Twitter: @thepeb

Leave a Reply

Your email address will not be published. Required fields are marked *

*