Browser-based Support Console



Similar documents
Windows Azure Multi-Factor Authentication

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

ESET SECURE AUTHENTICATION. API SSL Certificate Replacement

Laboratory Exercises VI: SSL/TLS - Configuring Apache Server

ACTIVE DIRECTORY DEPLOYMENT

Wavecrest Certificate

4cast Client Specification and Installation

Generating an Apple Push Notification Service Certificate

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

DriveLock Quick Start Guide

Scenarios for Setting Up SSL Certificates for View

Install the Production Treasury Root Certificate (Vista / Win 7)

Using Microsoft s CA Server with SonicWALL Devices

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Setting Up SSL on IIS6 for MEGA Advisor

DMZ Server monitoring with

EM L12 Symantec Mobile Management and Managed PKI Hands-On Lab

Obtaining SSL Certificates for VMware Horizon View Servers

Obtaining SSL Certificates for VMware View Servers

SARANGSoft WinBackup Business v2.5 Client Installation Guide

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

EventTracker Windows syslog User Guide

Application Note AN1502

How to: Install an SSL certificate

Replacing vcenter Server 4.0 Certificates VMware vsphere 4.0

Specops Command. Installation Guide

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Sophos Anti-Virus for NetApp Storage Systems startup guide

Aspera Connect User Guide

RSA Security Analytics

etoken Enterprise For: SSL SSL with etoken

HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE

Generating a Certificate Signing Request (CSR) from LoadMaster

Microsoft OCS with IPC-R: SIP (M)TLS Trunking. directpacket Product Supplement

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Sharpdesk V3.5. Push Installation Guide for system administrator Version

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

SSL Intercept Mode. Certificate Installation Guide. Revision Warning and Disclaimer

APNS Certificate generating and installation

Distributing SMS v2.0

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

Host Installation on a Terminal Server

Exchange 2010 PKI Configuration Guide

ADFS Integration Guidelines

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

e-cert (Server) User Guide For Microsoft IIS 7.0

EventTracker: Support to Non English Systems

CERTIFICATE-BASED SINGLE SIGN-ON FOR EMC MY DOCUMENTUM FOR MICROSOFT OUTLOOK USING CA SITEMINDER

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

LoadMaster SSL Certificate Quickstart Guide

Microsoft Exchange 2010 and 2007

SQL Server 2008 and SSL Secure Connection

How to Configure a Secure Connection to Microsoft SQL Server

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

Active Directory Software Deployment

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

NSi Mobile Installation Guide. Version 6.2

ECA IIS Instructions. January 2005

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

Secure IIS Web Server with SSL

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

Active Directory integration with CloudByte ElastiStor

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

Create, Link, or Edit a GPO with Active Directory Users and Computers

O Reilly Media, Inc. 3/2/2007

HTTP Server Setup for McAfee Endpoint Encryption (Formerly SafeBoot) Table of Contents

Windows Clients and GoPrint Print Queues

CLIENT CERTIFICATE (EAP-TLS USE)

Verify LDAP over SSL/TLS (LDAPS) and CA Certificate Using Ldp.exe

SolarWinds Technical Reference

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Copyright

SafeWord Domain Login Agent Step-by-Step Guide

Check Point FDE integration with Digipass Key devices

Autograph 3.3 Network Installation

SSL Decryption Certificates

Zenprise Device Manager 6.1

Ascend Interface Service Installation

CA Nimsoft Unified Management Portal

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

How To Install Ctera Agent On A Pc Or Macbook With Acedo (Windows) On A Macbook Or Macintosh (Windows Xp) On An Ubuntu (Windows 7) On Pc Or Ipad

Desktop Surveillance Help

CA NetQoS Performance Center

SSL Insight Certificate Installation Guide

CA Nimsoft Service Desk

TechNote. Contents. Overview. Using a Windows Enterprise Root CA with DPI-SSL. Network Security

Multi-factor Authentication using Radius

Windows Intune Walkthrough: Windows Phone 8 Management

NetWrix Password Manager. Quick Start Guide

LAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Microsoft IIS 4 Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

Promap V4 ActiveX MSI File

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

Installing and Configuring a Server Certificate for use by MailSite Fusion with TLS/SSL A guide for MailSite Administrators

Installation and Configuration Guide

Transcription:

TECHNICAL PAPER Browser-based Support Console Mass deployment of certificate Netop develops and sells software solutions that enable swift, secure and seamless transfer of video, screens, sounds and data between two or more computers over the Internet. For more information, see www.netop.com.

Abstract To remote control a host using the Browser-based Support Console without getting an invalid certificate warning message, you have to install a certificate which authenticates that the host is actually on the machine you want to connect to. Introduction An organization might choose using its own certificate with the Browser-based Support Console. The system administrators should manually create a certificate from the Domain Controller, certificate which will only be valid within that domain. Please note that this will work only on Internet Explorer (IE) as Firefox has its own certificate management. This article describes how to create a certificate, install it in the Trusted Root Certification Authorities Certificate Store and deploy the certificate to multiple computers. 1. Create a self-signed certificate To create a self-signed (.pfx) certificate on Windows 7 or Windows XP: 1. Click here to download OpenSSL. Choose version 1.0.0L for developers. 2. Install.dll in the OpenSSL folder. 3. Add the Openssl\bin folder to the Path variable in the Environment Variables. a. Go to Control Panel > System and Security > System and on the left menu click Advanced system settings. The System Properties window displays. Copyright Netop 2014. All rights reserved 1

b. Click the Environment Variables button and in the System variables section select the Path variable and click the Edit button. c. Into the Variable value field, add the OpenSSL\bin folder and click OK. Please note directories are separated by semicolon. 4. From the command prompt, generate a RSA private key and a Certificate Signing Request (CSR) for your server. a. Go to the folder where you want to generate the private key: # In this sample the private key privkey will be generated into the certs folder. cd C:\certs b. Generate a RSA private key:: # unencrypted, 2048-bit key openssl genrsa -out privkey.pem 2048 # alternatively, encrypted openssl genrsa -des3 -out privkey.pem 2048 Where, privkey is the filename of the private key to be generated. You can change the filename. Copyright Netop 2014. All rights reserved 2

Note: If you choose to encrypt the key, you will have to enter the passphrase for this private key every time you start a server that uses it. This might not be possible; therefore, we recommend you to choose an unencrypted key c. Generate the CSR: openssl req new key privkey.pem out req.csr You will be asked to enter the following information: Country Name (2 letter code) State or Province Name (full name) Locality Name (e.g., city) Organization Name (e.g., company) Organizational Unit Name Common Name enter the name of the machine where the host will be installed Email Address You will be prompted to enter two extra (optional) attributes; afterwards the req.csr file will be created in the folder where you have chosen to create it. 5. Open the req.csr file and copy the content. 6. Submit a certificate request to the CA server: a. In IE, go to your Certificate Authority (CA) server and login using domain credentials. b. Select the Request a certificate task. c. Choose to submit an advanced certificate request. d. In the Saved Request field, paste the content of the req.csr file. From the Certificate Template drop-down list choose NRCWebGuest, and then click the Submit button. The certificate you requested is issued. e. Click the Base 64 encoded radio button and download the certificate to the folder where you have previously created the private key and CSR request. 7. From the command prompt run the following command: # the name of the pfx certificate is mycertificate. You may choose another name of r the pfx certificate openssl pkcs12 -export -in certnew.cer -inkey privkey.pem -out mycertificate.pfx You have to enter export password in order to finish generating the pfx certificate. The password you enter here will be used to export the certificate on other machines. Once you enter the password, the mycertificate.pfx will be created into the folder where you have previously created the private key and the CSR request. Copyright Netop 2014. All rights reserved 3

2. Import certificate into Windows Certificate Store To import the certificate in the Windows Store Certificate on the machine where the Netop Host is installed: 1. Open Certificate Manager by clicking the Start button (for Windows 8 and later click on WINKEY and F), typing mmc.exe into the Search box, and then pressing ENTER. 2. Click the File tab and select the Add/remove Snap-in option. 3. In the Available snap-in select Certificates and click the Add> button. The Certificates snapin wizard displays. Select the snap-in to always manage certificates for Computer account and click Next. 4. Select the snap-in to always manage the Local computer and click Finish. 5. Click OK and the wizard closes. 6. In the MMC window, go to Console Root > Certificates (Local Computer) > Personal, right click on Certificates and select All tasks > Import The Certificate Import wizard opens. Click Next. 7. Browse to the location where the certificate is stored, select the certificate and click Open, then click Next. 8. Type the password for the private key that is included in the certificate file, select Include all extendable properties and click Next. 9. Click Next and Finish. The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder. 3. Configure the Netop Host to use the imported Windows Store certificate 1. Go to the Netop Host, click on the Tools Communication Profiles entry menu, choose a Web profile in the list and click Edit. The Communication Profile Edit window displays. 2. Select the Windows Certificate Store radio button for the web communication, then click Choose certificate 3. Go to Server Authentication Certificates > Local Computer > Personal and choose the certificate and click Select. 4. Click OK and restart the Netop Host in order for the changes to take effect. 4. Check that the certificate warning does not display From a machine which is in the local domain, open either Chrome or IE and enter https:\\hostmachine-name. The untrusted certificate warning no longer displays as the certificate was issued by your Certificate Authority (CA) server to host-machine-name. Note: If the Certificate Authority for the added certificate does not exist on the machine from which the Browser-based Support Console is launched, import the CA root certificate in the Trusted Root Certification Authorities. Copyright Netop 2014. All rights reserved 4

5. Mass-deploying the certificate using Group Policy This procedure describes how to deploy a certificate to multiple computers by using Active Directory Domain Services and a Group Policy Object (GPO). Prerequisite: You should have domain administrator rights (membership in the Domain Administrators group) in order to complete this procedure. This procedure applies to: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2 1. Open the Group Policy Management console. To open the console, click Start button, click Control Panel, click Administrative Tools, and then click Group Policy Management. 2. Find an existing or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit whose users you want affected by the policy. 3. Right-click the GPO, and then select Edit. 4. Group Policy Management Editor opens, and displays the current contents of the policy object. 5. In the navigation pane, go to Computer Configuration>Policies>Windows Settings>Security Settings>Public Key Policies>Trusted Publishers. 6. On the Action menu, click Import. 7. Follow the instructions in the Certificate Import Wizard to find and import the certificate. 8. If the certificate is self-signed, and cannot be traced back to a certificate that is in the Trusted Root Certification Authorities certificate store, then you must also copy the certificate to that store. In the navigation pane, click Trusted Root Certification Authorities, and then repeat steps 5 and 6 to install a copy of the certificate to that store.. Copyright Netop 2014. All rights reserved 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information