Certificate error when you use HTML Access to Horizon

I noticed that when I work internally, I always get an error about the certificate when I use Horizon HTML Access and log on to our RDS.

We found a VMware article that solves this problem.
https://kb.vmware.com/s/article/2088354

Chrome doesn't like wildcard certificates, so we wanted to use a computer-named certificate for this that was issued by the CA.
The certificate needs an exportable private key and must use its own DNS name.
That is why we created a new certificate template on the CA.

And of course we want to do this automatically with 40 RDS servers.
That is why we created a script:

<#
************************************************************************************************************************
Creator: Ralph Hofman
Company: RHofman IT
Created: 15-01-2020 
Version: 1.0
Purpose: Import a computer named certificate issued by the CA and change the blast certificate thumbprint in the registry.

# Change Log
1.0.0 – 15-01-2020    –   Initial Release.
************************************************************************************************************************
#>

# Prereq Certificate Variable
    # Set hostname
    $hostname = hostname

    # Get the thumbprint from the right certificate
    # (newest match only, so an older or duplicate certificate does not turn $thumb into an array)
    $thumb = (Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -match $hostname } |
        Sort-Object -Property NotBefore -Descending |
        Select-Object -First 1).Thumbprint

    # Insert spaces between every 2 characters just like a real thumbprint
    if ($null -eq $thumb) {
        Write-Host "No Thumbprint found"
    } else {
        $regthumb = $thumb -replace '(..)(?!$)', '$1 '
    }

    # Read the thumbprint that Blast is currently configured with
    $currentThumb = (Get-ItemProperty -Path "HKLM:\SOFTWARE\VMware, Inc.\VMware Blast\Config").SslHash

# Function
    if ($regthumb -eq $currentThumb) {
        Write-Host "Key is the same"
    } else {

        # Request computernamed certificate at the AD enrollment server
        # with ComputerHorizon template
        # Template > issued by CA, subjectname = DNS, Privatekey = Exportable
        certreq -Enroll -machine -q "ComputerHorizon"

        # Get the thumbprint from the right certificate (newest match, i.e. the one just enrolled)
        $thumb = (Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Subject -match $hostname } |
            Sort-Object -Property NotBefore -Descending |
            Select-Object -First 1).Thumbprint

        if ($null -eq $thumb) {
            # Enrollment did not produce a certificate: leave the registry and service untouched
            Write-Host "No Thumbprint found after enrollment"
        } else {
            # Insert spaces between every 2 characters just like a real thumbprint
            $regthumb = $thumb -replace '(..)(?!$)', '$1 '

            # Fill the SslHash for Blast to use the computernamed certificate
            Set-ItemProperty -Path "HKLM:\SOFTWARE\VMware, Inc.\VMware Blast\Config" -Name "SslHash" -Value $regthumb

            # Restart the Blast service to take effect
            Restart-Service -Name VMBlast -Force
        }
    }

Deploy it via a startup script in a computer-based GPO.

Feel free to use the script in your environment.
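
To confirm on a server that the SslHash value written by the script really points at a usable certificate, the following check can be run after the startup script. It is an added example, not part of the original script; the function name Test-BlastCertificate and the 30-day expiry threshold are assumptions.

```powershell
# Added example: verify that the Blast SslHash refers to a valid certificate.
function Test-BlastCertificate {
    [CmdletBinding()]
    param(
        # Registry key used by the script above
        [string]$ConfigPath = 'HKLM:\SOFTWARE\VMware, Inc.\VMware Blast\Config',
        # Assumption: flag certificates with fewer than this many days left
        [int]$MinDaysLeft = 30
    )

    $fqdn    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $sslHash = (Get-ItemProperty -Path $ConfigPath -ErrorAction SilentlyContinue).SslHash

    # Registry holds "AA BB CC ..."; the certificate store uses "AABBCC..."
    $thumb = ($sslHash -replace '\s', '').ToUpper()

    $cert = if ($thumb) {
        Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $thumb } |
            Select-Object -First 1
    }

    # DNS name from the SAN extension, falling back to the subject CN
    $dnsName = if ($cert) {
        $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    }
    $now      = Get-Date
    $daysLeft = if ($cert) { [int]($cert.NotAfter - $now).TotalDays } else { $null }

    [pscustomobject]@{
        Computer      = $fqdn
        SslHash       = $sslHash
        CertFound     = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        NameMatches   = [bool]($cert -and $dnsName -eq $fqdn)
        ValidNow      = [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        DaysLeft      = $daysLeft
        ExpiresSoon   = [bool]($cert -and $daysLeft -lt $MinDaysLeft)
        Issuer        = if ($cert) { $cert.Issuer } else { $null }
    }
}

$result = Test-BlastCertificate
$result | Format-List
if (-not ($result.CertFound -and $result.HasPrivateKey -and $result.NameMatches -and $result.ValidNow) -or $result.ExpiresSoon) {
    Write-Warning "Blast certificate on $($result.Computer) needs attention"
}
```

A wildcard or leftover certificate shows up here as NameMatches = False, and a thumbprint that no longer exists in the machine store as CertFound = False.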