Server Authentication Certificate

Issuing a Certificate Request (PKCS#10)

Access the server through SSH with an account with administrative privileges;

Run the Horizon Configuration Utility with the following command:

$ /opt/horizon/sbin/horizon-config

In the main menu, select 'NGINX':

NGINX Config Menu

In the NGINX menu, select 'CSR':

NGINX CSR Menu

Specify the DNS Name of the Horizon server (by default, the config script takes the Horizon hostname if defined or the local machine hostname otherwise):

Specify Hostname

The certificate request is generated and available under /etc/nginx/ssl/horizon.csr.new:

CSR generated

Sign the certificate request using your PKI.

Installing a Server Certificate

Upload the generated server certificate on the Horizon server under /tmp/horizon.pem through SCP;

In the NGINX configuration menu, select 'CRT':

CRT menu

Specify the path /tmp/horizon.pem and validate:

CRT path

The server certificate is successfully installed:

CRT installed

Installing the Server Certificate Trust Chain

Upload the server certificate trust chain (the concatenation of the Certificate Authority certificates in PEM format) on the Horizon server under /tmp/server.bundle through SCP;

In the NGINX configuration menu, select 'TC':

TC menu

Specify the path /tmp/server.bundle and validate:

TC path

The server bundle is successfully installed:

TC installed

Verify the NGINX configuration with the following command:

$ nginx -t

Restart the NGINX service with the following command:

$ systemctl restart nginx