Before you start this task, import the CA certificate for VMware View Horizon server to
the BIG-IP system certificate store.
You create a custom client SSL profile to request
an SSL certificate from the client at the start of the session. This enables a Client
Cert Inspection item in an access policy to check whether a valid certificate was
On the Main tab, click
The Client SSL profile list
The New Server SSL Profile
In the Name field, type a unique
name for the profile.
From the Parent Profile list, select
The default settings for the profile
specify a 10-second SSL handshake timeout. Some users with smart cards cannot
authenticate within that time. You can increase the timeout if this is the case
at your site.
From the Configuration list, select
If you have VMware View clients on Mac OS X,
disable TLS 1.2 in the Options List area:
In the Available Options
list, select No TLS
If you change the values for the Cache Size or the Cache Timeout setting, do not
specify a value of zero (0) for either setting.
When these values are 0, the client must
supply a PIN on each browser page refresh.
Scroll down to Handshake Timeout and select
the Custom check
Additional settings become
To limit the timeout to a number of seconds,
select Specify from
the list, and type the required number in the seconds field.
In the list, the value Indefinite specifies that the
system continue trying to establish a connection for an unlimited time. If you
select Indefinite, the
seconds field is
no longer available.
Scroll down to the Client Authentication
Next to Client Authentication, select the
The settings become
From the Client Certificate list,
Do not select require.
From the Trusted Certificate
Authorities and Advertised Certificate Authorities, select the certificates you