Securing Communication using 3rd Party Certificates
Every enterprise needs to encrypt the data that traverses the internet. Using secured communication has not proved to be the most secure way to transmit corporate data, so enterprises have gone a step further and obtain specific third party certificates such as SSL, PFX etc. These third party certificates ensure that the corporate data is encrypted in such a way that only the recipient who owns the certificate can decrypt it. Desktop Central supports SSL and PFX certificates. Adding these certificates to Desktop Central secures the communication between the Desktop Central server, managed computers and mobile devices.
This certificate is valid for a specified term. If the certificate expires, the communication between the Desktop Central agent and the server will no longer be secure. You will not be able to manage any mobile devices until you renew the certificates and upload them to the Desktop Central server.
Follow the steps mentioned below to create/renew and upload 3rd Party Certificates:
- Create CSR and Key Files
- Submit the CSR to a Certificate Authority (CA) to Obtain a CA Signed Certificate
- Upload the 3rd party Certificates to Desktop Central
1. Create CSR and Key Files
To create CSR and Key files, follow the steps mentioned below:
- Open a command prompt and change directory to <Desktop_Central_Home>/apache/bin
- Execute the following command:
openssl req -new -newkey rsa:2048 -nodes -sha256 -out server.csr -keyout server.key -config ..\conf\openssl.cnf
- Once prompted, enter the information required to generate a CSR. A sample key generation section is as follows:
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
.....++++++
......++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name
or a DN. There are quite a few fields, but you can leave some blank.
For some fields there will be a default value, If you enter '.', the
field will be left blank.
-----
Country Name (2 letter code) [AU]: IN
State or Province Name (full name) [Some-State]: tamilnadu
Locality Name (eg, city) []: chennai
Organization Name (eg, company) []: manageengine
Organizational Unit Name (eg, section) []: desktopcentral
Common Name (eg, YOUR name) []: symphony.yourdomain.com. This should be the same name that you use to connect to the client. For example, if you use the FQDN (https://symphony.yourdomain.com) to access this computer via a browser, you should specify it the same way here, as symphony.yourdomain.com.
Email Address []: Leave empty
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: Leave empty
An optional company name []: Leave empty
This operation creates a key file named server.key and a CSR file named server.csr in the current working directory, <Desktop_Central_Home>/apache/bin.
2. Submit the CSR to a Certificate Authority (CA) to Obtain a CA Signed Certificate
- Submit the created server.csr to a CA. Check the CA's documentation / website for details on submitting CSRs. This will involve a cost to be paid to the CA
- This process usually takes a few days, after which you will be returned your signed SSL certificate and the CA's chain/intermediate certificate as .cer files
- Save these files and rename your signed SSL certificate file to server.crt
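Before the upload in step 3, it is worth confirming that server.crt was issued for server.key, names the host that agents connect to, and is not close to the end of its validity term. The script below is an added example, not part of the Desktop Central documentation; it assumes a POSIX shell with the openssl command on the path, and the function names and the self-signed sample pair are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload checks for server.key / server.crt (hypothetical helper names).

# Succeeds only if the certificate carries the public key of the private key.
key_matches_cert() {        # usage: key_matches_cert server.key server.crt
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if the certificate is valid for the host name used to reach the server.
cert_covers_host() {        # usage: cert_covers_host server.crt symphony.yourdomain.com
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Succeeds only if the certificate is still within its validity term N days from now.
cert_valid_for_days() {     # usage: cert_valid_for_days server.crt 30
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Runs all three checks and reports every failure, not just the first.
preupload_check() {         # usage: preupload_check server.key server.crt HOST [DAYS]
    rc=0; days=${4:-30}
    key_matches_cert "$1" "$2"       || { echo "FAIL: $2 does not belong to $1"; rc=1; }
    cert_covers_host "$2" "$3"       || { echo "FAIL: $2 is not valid for $3"; rc=1; }
    cert_valid_for_days "$2" "$days" || { echo "FAIL: $2 expires within $days days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2 matches $1, covers $3, valid for $days+ days"
    return "$rc"
}

# Constructed sample: a throwaway self-signed pair standing in for the CA-signed files.
make_sample() {             # usage: make_sample DIR HOST DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$3" -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

if [ "$#" -ge 3 ]; then     # real files: sh check.sh server.key server.crt HOST [DAYS]
    preupload_check "$@"
else                        # no arguments: demonstrate on the constructed sample
    d=$(mktemp -d) && make_sample "$d" symphony.yourdomain.com 90 &&
        preupload_check "$d/server.key" "$d/server.crt" symphony.yourdomain.com
    rm -rf "$d"
fi
```

The same three checks apply at renewal time: run them against the renewed server.crt and the key it was requested with before replacing the certificate on the server.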
3. Upload the 3rd party Certificates to Desktop Central
- Click the Admin tab on the Desktop Central console
- Under Security Settings, click Import SSL Certificates
- Browse to upload the certificate that you have received from the vendor (CA). The certificate will be in .crt format for SSL and in .pfx format for PFX certificates
- If you upload a .crt file, you will be prompted to upload the server.key file. After uploading server.key, you will be prompted to upload the intermediate certificate. If you choose Automatic, the intermediate certificate will be detected automatically. However, when the intermediate certificate is detected automatically, only one certificate will be detected. If you want to use your own intermediate certificate, or upload more than one intermediate certificate, choose Manual and upload them manually.
- If you choose to upload a .pfx file, you will be prompted to enter the password provided by the vendor.
- Click Save to import the certificate.
You have successfully imported the third party certificates to the Desktop Central server. These certificates will be used only when "HTTPS" mode is enabled for communication. Click the Admin tab and choose Server Settings to enable HTTPS mode under General Settings. You can now see that the communication between the Desktop Central server and the agents is secure.
Ensure that the pfx file or .cert file matches the NAT address specified in the Desktop Central server. If Desktop Central and ServiceDesk Plus server are installed on the same computer, the same pfx file will work. In that case, if ServiceDesk Plus server is moved to a different computer, the pfx needs to be modified to specify the appropriate host name.