Change VMware Horizon Certificate with Powershell

I’m working on a couple of new modules for my free Automation Framework Community Edition showing you how to automatically setup VMware Horizon. In this post I’m going to show you how to change VMware Horizon Certificate with Powershell.

VMware Horizon Connection Server uses a self-signed certificate by default and this doesn’t fly both from a security perspective and SSL connection in general for remote connections.

If you don’t use VMware don’t worry, this post will teach you the fundamentals for working with certificates in PowerShell.

Certificate Location

Whatever Environment variable from Command Prompt (Set) can be put into a PowerShell variable. Here I’m getting the FQDN of the logon Domain and using that to set the FQDN path to my file server.

Copy Certificate

The most important piece of information needed when working with certificates in PowerShell is the ThumbPrint. I already have my certificate and thumbprint saved on my file server. You can learn more in the post Generating wildcard certificate from internal certificate authority using PowerShell.

Then let’s install the required IIS Feature to work with certificates and copy the Certificate (pfx) and the Thumbprint (txt).

Import Certificate

Now let’s import the WebAdministration PowerShell module, set the path, password and finally import the certificate.

Change the Friendly Name

VMware Horizon Connection Server recognizes the self-signed certificate by the friendly name vdm. So first we’re going to change the friendly name of the self-signed certificate to old vdm and then set the friendly name of our new wildcard certificate to vdm.

The Complete Script

How hard was that? Let me give you an advice that can and will change your career, get started with PowerShell today. Sooner or later all workloads will run headless (Server Core).


Leave a reply