A while ago I wrote about Certificates and how to convert between different encodings (https://blogs.vmware.com/horizontech/2018/08/vmware-identity-manager-and-certificates.html). While the post was mainly for VMware Identity Manager customers many of VMware’s products make use of the same certificate basics.
Felix Block, @fligh_MUC, is a colleague of mine and he pointed out a couple Horizon Cloud specific requirements when it comes to certificates.. So here’s his notes on the topic.
The UAG (used to access Desktops and Apps via Internet) require during the setup a PEM encoded certificate. This certificate needs to have the private key and has to be in the following order:
—–BEGIN RSA PRIVATE KEY—–
(Your Private Key: your_domain_name.key)
—–END RSA PRIVATE KEY—–
(Your Primary SSL certificate: your_domain_name.crt)
(Your Intermediate certificate: Intermediate.crt)
(Your Root certificate: TrustedRoot.crt)
You can change the UAG certificate after your installation in the Cloud Control Plane at any time
The Smartnode in Horizon Cloud on Azure can be used for internal access to your Desktops and Apps and require the certificate and key in separate files and not as PEM encoded certificate. Using the Smartnode for internal access is optional and therefore you may not need to update the certificate.
Make sure you extract the following parts to update the Smartnode certificate
CA Certificate (.crt), SSL Certificate (.crt) and Private Key (.key)