Windows Links‎ > ‎

Horizon Win Cert



1) Prepare INF file

Create text file with inf extension such as the one below


;----------------- request.inf ----------------- 

[Version] 

Signature="$Windows NT$" 

[NewRequest]

Subject = "CN=horizon8.nchar.local, OU=LocalHorizon, O=nchar, L=MyTown, S=VT, C=US" 
; Replace View_Server_FQDN with the FQDN of the Horizon 7 server.
; Replace the remaining Subject attributes.  
KeySpec = 1 
KeyLength = 2048 
; KeyLength is usually chosen from 2048, 3072, or 4096. A KeyLength
; of 1024 is also supported, but it is not recommended. 
HashAlgorithm = SHA256
; Algorithms earlier than SHA-2 are insufficiently secure and are not recommended.
Exportable = TRUE 
MachineKeySet = TRUE 
SMIME = False 
PrivateKeyArchive = FALSE 
UserProtected = FALSE 
UseExistingKeySet = FALSE 
ProviderName = "Microsoft RSA SChannel Cryptographic Provider" 
ProviderType = 12
RequestType = PKCS10 
KeyUsage = 0xa0 
FriendlyName = "vda6"

[RequestAttributes]

CertificateTemplate="HorizonSSL" ;Certificate Template

[EnhancedKeyUsageExtension] 

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication 

[Extensions]

2.5.29.17 = "{text}"
_continue_ = "dns=horizon8.nchar.local&"
_continue_ = "dns=horizon8&"
_continue_ = "dns=horizon.nchar.local&"

;-----------------------------------------------

 
2) Generate a Certificate Request file (.req) with the INF file and save as CertRequest.req

C:\Temp>certreq -new C:\temp\RequestConfig.inf c:\temp\CertRequest.req

3) Submit the CertRequest.req to Internal CA Server to generate UAT.cer

C:\temp> certreq.exe -submit CertRequest.req UAT.cer
 
Click OK on the pop up

Request SSL Certificate from Microsoft CA with Certreq

4) Import UAT.cer to Local Computer

PS C:\temp> Import-Certificate -FilePath UAT.cer -CertStoreLocation cert:\LocalMachine\MY

5) Export the Certificate to UAT.pfx

Use the below code, or export with the certificate MMC 
When exporting make sure you mark the private key as EXPORTABLE 

$Password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText
Get-ChildItem -Path cert:\localMachine\my\EE933AFAB3F3FA82D223696BD2535B6B7306B7CA | Export-PfxCertificate -FilePath C:\Temp\UAT.pfx -Password $Password

6) Transfer the UAT.pfx file to another machine and import it with

$Password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText
Import-PfxCertificate -FilePath C:\Temp\UAT.pfx -Password $Password -CertStoreLocation cert:\LocalMachine\my -Exportable

7) Finish setup

Make sure the friendly name is set to vdm
Restart the Horizon View Connection Server



Reference Pages:

https://www.aventistech.com/2019/09/request-ssl-certificate-from-microsoft-ca-with-certreq/

https://docs.microsoft.com/en-us/powershell/module/pkiclient/import-pfxcertificate?view=win10-ps


Comments