We are utilizing UAGs for external access into our Horizon environment. Have been for about a year and a half. The wildcard cert utilize in our environment is coming close to expiring, so we started the process to renew it/replace it where needed.
One part of our environment setup we've been unsure about, is the need for the wildcard cert (or whatever cert) you use out on your load balancer, and whether that same cert needs to be on the UAGs themselves. We've see inconsistent behavior when testing this, so, I'm just trying to find out if that's actually a needed step.
The brokers on our internal network all have their own certs from our on site CA. We then planned to swap out our wild card cert out on the load balancer, leaving the UAGs (between the LB and the brokers) with just their out of box self signed certs. Out on the load balancer today we are doing SSL bridging.
I'm also opening a ticket with support, but, wanted to see what the forums knew about this topic as well.
Thanks in advance.