Using Third-Party SSL Certificate for Secured Communication
Desktop Central allows you to use third-party SSL certificates for enabling secured communication between Desktop Central and Agent.
- You should have enabled HTTPS communication in Desktop Central from Admin --> Server Settings prior to importing 3rd party SSL certificate.
- Applicable for Deskop Central Build Numbers #70115 and above.
The steps below will guide you in using third-party certificates:
Create CSR and Key Files
To create CSR and Key files, you need Open SSL installed in your system. You can download OpenSSL from the following URL and install: http://www.slproweb.com/products/Win32OpenSSL.html
- Open a command prompt and change directory to <OpenSSL _Install_Dir>/bin
- Execute the following command:
openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key
- Once prompted, enter the information required to generate a CSR. A sample key generation section is as follows:
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
writing new private key to 'server.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:tamilnadu
Locality Name (eg, city) :chennai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:manageengine
Organizational Unit Name (eg, section) :desktopcentral
Common Name (eg, YOUR name) :symphony [Replace this with the host name of the computer where Desktop Central server is installed. This should be the same as you use to connect to the client. For example, if you use FQDN (https://symphony.yourdomain.com) to access this computer via browser, you should specify it the same way here as symphony.yourdomain.com. ]
Email Address :[Leave as empty]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :[Leave as empty]
An optional company name :[Leave as empty]
This operation creates a Key file named server.key and CSR file named as server.csr in the current working directory (<OpenSSL _Install_Dir>/bin).
Submit the CSR to a Certificate Authority (CA) to obtain a CA signed certificate
- Submit created server.csr to CAs. Check their documentation / website for details on submitting CSRs and this will involve a cost to be paid to the CA
- This process usually takes a few days time and you will be returned your signed SSL certificate and the CA's chain/intermediate certificate as .cer files
- Save these files and rename your signed SSL certificate file to server.crt
Update SSL Certificate in Desktop Central Server
- Stop the Desktop Central Server and take a backup of the existing server.key and server.crt file located in <Desktop_Central_Home>/apache/conf directory.
- Now, copy the newly created server.key, server.crt and chain/intermediate certificate files to the <Desktop_Central_Home>/apache/conf directory.
- Change the file extensions of the chain/intermediate certificate files to .crt
- You should add the chain/intermediate certificate details in Desktop Central. You can skip this step, if your CA has not provided any chain/intermediate files:
- Open <Desktop_Central_Home>/apache/conf/httpd-ssl.conf.template and add this line:
SSLCACertificateFile "%SERVER_HOME%/apache/conf/intermediateCA.crt" [ Here intermediateCA.crt is your chain/intermediate certificate name]
- Open <Desktop_Central_Home>/apache/conf/httpd-ssl.conf and add this line:
SSLCACertificateFile "C:/Program Files/DesktopCentral_Server/apache/conf/intermediateCA.crt [ Here intermediateCA.crt is your chain/intermediate certificate name. Make sure you specify the absolute path to yourh chain/intermediate certificate file
- Start Desktop Central Server