User manual
Table Of Contents
n
Verify that the tags set on the View Connection Server instance allow connections from this user. See
the View Administration document.
n
Verify that the user is entitled to access the desktop or application. See the Setting Up Desktop and
Application Pools in View document.
Certificate Checking Modes for Horizon Client
Administrators and sometimes end users can configure whether client connections are rejected if any or
some server certificate checks fail.
Certificate checking occurs for SSL connections between View Connection Server and Horizon Client.
Certificate verification includes the following checks:
n
Is the certificate intended for a purpose other than verifying the identity of the sender and encrypting
server communications? That is, is it the correct type of certificate?
n
Has the certificate expired, or is it valid only in the future? That is, is the certificate valid according to
the computer clock?
n
Does the common name on the certificate match the host name of the server that sends it? A mismatch
can occur if a load balancer redirects Horizon Client to a server that has a certificate that does not match
the host name entered in Horizon Client. Another reason a mismatch can occur is if you enter an IP
address rather than a host name in the client.
n
Is the certificate signed by an unknown or untrusted certificate authority (CA)? Self-signed certificates
are one type of untrusted CA.
To pass this check, the certificate's chain of trust must be rooted in the device's local certificate store.
NOTE For instructions about distributing a self-signed root certificate that users can install on their Chrome
OS devices, as well as instructions for installing a certificate on a Chrome OS device, see documentation on
the Google Web site.
To set the security mode, tap the Settings (gear) icon in the upper-right corner of the Horizon Client screen,
tap General settings, and tap Security mode. You have three choices:
n
Never connect to untrusted servers. If any of the certificate checks fails, the client cannot connect to the
server. An error message lists the checks that failed.
n
Warn before connecting to untrusted servers. If a certificate check fails because the server uses a self-
signed certificate, you can click Continue to ignore the warning. For self-signed certificates, the
certificate name is not required to match the View Connection Server name you entered in
Horizon Client.
n
Do not verify server identity certificates. This setting means that View does not perform any certificate
checking.
If the certificate checking mode is set to Warn, you can still connect to a View Connection Server instance
that uses a self-signed certificate.
If an administrator later installs a security certificate from a trusted certificate authority, so that all certificate
checks pass when you connect, this trusted connection is remembered for that specific server. In the future,
if that server ever presents a self-signed certificate again, the connection fails. After a particular server
presents a fully verifiable certificate, it must always do so.
Chapter 2 Managing Remote Desktop and Application Connections
VMware, Inc. 15