This article continues from Part 1 and Part 2 of this series on Certificates for Horizon. Although I did this for a single Connection server, the same steps can be used for others as well. Part 4 will look at creating a trusted key for the likes of a Security server. I did this entirely in a lab environment, but you can certainly do the same in a production environment.
1. Go to your connection server and log in as the domain administrator
2. Go to Start → Run and type mmc in the run window.
3. From the Menu, select File and then select Add or Remove Snap-ins
4. From the Available snap-ins (on the left) select Certificates and click the Add button.
5. The Certificates snap-in dialogue box will pop up. Change the Manage location from My user account to Computer account.
6. Leave the defaults for Select Computer and click Finish.
7. Click OK
8. In the Console Root column (left), click on the plus to expand the certificates.
9. Select Personal and select the Certificates folder in there. Right click Certificates → All Tasks → Request New Certificate…
10. Click Next and ensure Active Directory Enrollment Policy is selected. Click Next
11. Check the box beside Web Server and click on the blue More Information link.
12. Under Subject name, enter and add the appropriate information about the servers that will use this certificate. These items are likely to be Common Name (CN), Country (C), Organization (O), Organization Unit (OU), State (S) and Locality (L). For items like Common Name, use both the short name (e.g., CS01) and the long name (e.g., CS01.company.com).
13. Under Alternative name, choose DNS, then enter and add the appropriate FQDN for each server that will use the certificate.
14. Go to the Private Key tab, click on the double down arrows beside Key Options and check the Make private key exportable box.
15. Click OK and then click the Enroll button.
16. Click the Finish button.
17. Ensure the MMC is maximized to its largest size and find the old certificate. It should have “vdm” in the Friendly Name column. Right click it and select Properties
18. On the General tab, in the Friendly Name box change the “vdm” to “vdm.old”
19. Click OK
20. In the Issued by column look for “Horizon Root CA” and select that certificate.
21. Right click on it and go to Properties.
22. On the General tab, in the Friendly Name box enter “vdm” and click OK.
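A check to run after step 22, added here as an example and not part of the original article: Horizon picks the Connection Server certificate by the friendly name "vdm", so exactly one certificate in the computer's Personal store should carry it. The FQDN is the example name from step 12 and is an assumption to replace with your own.

```powershell
# Added example: verify the friendly-name swap on the Connection Server.
# Run in an elevated PowerShell session on the server itself.
$expectedDns = 'CS01.company.com'   # example FQDN from step 12 (assumption)

$store = Get-ChildItem -Path Cert:\LocalMachine\My
$vdm   = @($store | Where-Object { $_.FriendlyName -eq 'vdm' })
$old   = @($store | Where-Object { $_.FriendlyName -eq 'vdm.old' })

# Exactly one certificate may carry the friendly name "vdm".
if ($vdm.Count -ne 1) {
    throw "Expected exactly one certificate named 'vdm', found $($vdm.Count)."
}
$cert = $vdm[0]

# DNS names the Certificate provider reports for this certificate
# (the subject name and the DNS entries added in step 13).
$dnsNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

# Enhanced Key Usage OIDs; the Web Server template issues Server Authentication.
$ekus = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

$now = Get-Date
$checks = [ordered]@{
    'Private key present'         = $cert.HasPrivateKey
    'Within validity period'      = ($now -ge $cert.NotBefore) -and ($now -lt $cert.NotAfter)
    'DNS names include the FQDN'  = $dnsNames -contains $expectedDns
    'Server Authentication EKU'   = $ekus -contains '1.3.6.1.5.5.7.3.1'
    'Chain trusted for SSL'       = [bool](Test-Certificate -Cert $cert -Policy SSL `
                                        -DNSName $expectedDns -ErrorAction SilentlyContinue)
    'Old certificate renamed'     = $old.Count -ge 1
}

# Print one line per check, then the certificate that will be served.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
"In use: $($cert.Thumbprint)  Issuer: $($cert.Issuer)  Expires: $($cert.NotAfter)"
```

Any FAIL line points back to the step to revisit: the subject and DNS names come from steps 12 and 13, and the friendly names from steps 17 to 22.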