Horizon Win Cert

1) Prepare INF file Create text file with inf extension such as the one below ;----------------- request.inf -----------------  [Version]  Signature="$Windows NT$"  [NewRequest] Subject = "CN=horizon8.nchar.local, OU=LocalHorizon, O=nchar, L=MyTown, S=VT, C=US"  ; Replace View_Server_FQDN with the FQDN of the Horizon 7 server. ; Replace the remaining Subject attributes.   KeySpec = 1  KeyLength = 2048  ; KeyLength is usually chosen from 2048, 3072, or 4096. A KeyLength ; of 1024 is also supported, but it is not recommended.  HashAlgorithm = SHA256 ; Algorithms earlier than SHA-2 are insufficiently secure and are not recommended. Exportable = TRUE  MachineKeySet = TRUE  SMIME = False  PrivateKeyArchive = FALSE  UserProtected = FALSE  UseExistingKeySet = FALSE  ProviderName = "Microsoft RSA SChannel Cryptographic Provider"  ProviderType = 12 RequestType = PKCS10  KeyUsage = 0xa0  FriendlyName = "vda6" [RequestAttributes] CertificateTemplate="HorizonSSL" ;Certificate Template [EnhancedKeyUsageExtension]  OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication  [Extensions] 2.5.29.17 = "{text}" _continue_ = "dns=horizon8.nchar.local&" _continue_ = "dns=horizon8&" _continue_ = "dns=horizon.nchar.local&" ;-----------------------------------------------   2) Generate a Certificate Request file (.req) with the INF file and save as CertRequest.req C:\Temp>certreq -new C:\temp\RequestConfig.inf c:\temp\CertRequest.req 3) Submit the CertRequest.req to Internal CA Server to generate UAT.cer C:\temp> certreq.exe -submit CertRequest.req UAT.cer   Click OK on the pop up 4) Import UAT.cer to Local Computer PS C:\temp> Import-Certificate -FilePath UAT.cer -CertStoreLocation cert:\LocalMachine\MY 5) Export the Certificate to UAT.pfx Use the below code, or export with the certificate MMC  When exporting make sure you mark the private key as EXPORTABLE  $Password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText Get-ChildItem -Path cert:\localMachine\my\EE933AFAB3F3FA82D223696BD2535B6B7306B7CA | Export-PfxCertificate -FilePath C:\Temp\UAT.pfx -Password $Password 6) Transfer the UAT.pfx file to another machine and import it with $Password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText Import-PfxCertificate -FilePath C:\Temp\UAT.pfx -Password $Password -CertStoreLocation cert:\LocalMachine\my -Exportable 7) Finish setup Make sure the friendly name is set to vdm Restart the Horizon View Connection Server Reference Pages: https://www.aventistech.com/2019/09/request-ssl-certificate-from-microsoft-ca-with-certreq/ https://docs.microsoft.com/en-us/powershell/module/pkiclient/import-pfxcertificate?view=win10-ps