Horizon Win Cert

1) Prepare INF file

Create text file with inf extension such as the one below

;----------------- request.inf -----------------

[Version]

Signature="$Windows NT$"

[NewRequest]

Subject = "CN=horizon8.nchar.local, OU=LocalHorizon, O=nchar, L=MyTown, S=VT, C=US"

; Replace View_Server_FQDN with the FQDN of the Horizon 7 server.

; Replace the remaining Subject attributes.

KeySpec = 1

KeyLength = 2048

; KeyLength is usually chosen from 2048, 3072, or 4096. A KeyLength

; of 1024 is also supported, but it is not recommended.

HashAlgorithm = SHA256

; Algorithms earlier than SHA-2 are insufficiently secure and are not recommended.

Exportable = TRUE

MachineKeySet = TRUE

SMIME = False

PrivateKeyArchive = FALSE

UserProtected = FALSE

UseExistingKeySet = FALSE

ProviderName = "Microsoft RSA SChannel Cryptographic Provider"

ProviderType = 12

RequestType = PKCS10

KeyUsage = 0xa0

FriendlyName = "vda6"

[RequestAttributes]

CertificateTemplate="HorizonSSL" ;Certificate Template

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

[Extensions]

2.5.29.17 = "{text}"

_continue_ = "dns=horizon8.nchar.local&"

_continue_ = "dns=horizon8&"

_continue_ = "dns=horizon.nchar.local&"

;-----------------------------------------------

2) Generate a Certificate Request file (.req) with the INF file and save as CertRequest.req

C:\Temp>certreq -new C:\temp\RequestConfig.inf c:\temp\CertRequest.req

3) Submit the CertRequest.req to Internal CA Server to generate UAT.cer

C:\temp> certreq.exe -submit CertRequest.req UAT.cer

Click OK on the pop up

4) Import UAT.cer to Local Computer

PS C:\temp> Import-Certificate -FilePath UAT.cer -CertStoreLocation cert:\LocalMachine\MY

5) Export the Certificate to UAT.pfx

Use the below code, or export with the certificate MMC

When exporting make sure you mark the private key as EXPORTABLE

$Password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText

Get-ChildItem -Path cert:\localMachine\my\EE933AFAB3F3FA82D223696BD2535B6B7306B7CA | Export-PfxCertificate -FilePath C:\Temp\UAT.pfx -Password $Password

6) Transfer the UAT.pfx file to another machine and import it with

$Password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText

Import-PfxCertificate -FilePath C:\Temp\UAT.pfx -Password $Password -CertStoreLocation cert:\LocalMachine\my -Exportable

7) Finish setup

Make sure the friendly name is set to vdm

Restart the Horizon View Connection Server

Reference Pages:

https://www.aventistech.com/2019/09/request-ssl-certificate-from-microsoft-ca-with-certreq/

https://docs.microsoft.com/en-us/powershell/module/pkiclient/import-pfxcertificate?view=win10-ps