How to add or replace the Self-Signed SSL Certificate in PMC

How to add or replace the Self-Signed SSL Certificate in PMC

Scope

If your local business or production environment’s security demands for you to have custom certificates, there is a way to obtain them and apply them to PMC. Note that NComputing does not provide the certificates, but you can obtain your own with a proper Certification Authority Entity.
We will show you how in this document.

Procedure

If you desire to replace the original self-signed SSL server certificate of PMC appliance, you will need to purchase an SSL server certificate signed by some well-known and commonly trusted certification authority. (i.e.: Verisign, GoDaddy, and others)

Here are some helpful notes:

PMC does not have special requirements regarding the signature algorithm or signature hash algorithm, length of private key, etc.

In order to satisfy present-day web browsers' preferences, the certificate should contain PMC's FQDN in one of certificate's SANs (Subject Alternative Names). ‘[YOUR DOMAIN NAME].com' will only be OK as a SAN if the PMC will really be accessed through https://[YOUR DOMAIN NAME].com URL, which may not be your case. Nevertheless, a valid PMC SAN can be, for example, pmc.[YOUR DOMAIN NAME].com
(Obviously, a wildcard certificate issued for ‘*[YOUR DOMAIN NAME].[Your custom domain extension]' will work too.)

No matter in what format the CA delivers the certificate and the private key, you will need to separate the certificate and the key into two files and convert both to PEM format. The key file should contain unencrypted private key.

On Linux, for cert/key file delivered in PKCS#12 format, the extraction can be done with following commands:

openssl pkcs12 -passin pass:private_key_password -in cert_and_key_from_CA.p12 -out nginx-selfsigned.key -nodes -nocerts

openssl pkcs12 -passin pass:private_key_password -in cert_and_key_from_CA.p12 -out nginx-selfsigned.crt -nokeys

(The “private_key_password" is the password protecting the PKCS#12 file provided by CA and “cert_and_key_from_CA.p12" is the name of the file provided by CA and containing the certificate and the private key)

Next, the certificate file will have to be saved as /etc/nginx/nginx-selfsigned.crt in PMC appliance, the private key as /etc/nginx/nginx-selfsigned.key file.

After reboot, PMC appliance should present the new SSL certificate to the connecting clients.
    • Related Articles

    • How to replace the SSL certificate used by the vSpace Console Server

      Scope Starting with vSpace Pro Enterprise (version 12.8.0 and higher), it supports the use of custom TLS/SSL certificates used by the vSpace Console. The NComputing vSpace Console Server service (running as the CMServer.exe process) is a component of ...
    • SSL Certificate/Certification Security Enabling

      Product Line:  VERDE Question From a Customer: I have been asked about encryption using HTML (SSL certificates) or securing sessions from remote locations teleworkers using ncomputing thin clients. I need to enable SSL for our environment.   We have ...
    • PMC 3.0, Start Guide

      Overview This document is an extraction from the release notes of PMC 3.1.2. It covers everything you need to know, in-depth, regarding installation and deployment of PMC. It is always recommended that you use the current release notes of every PMC ...
    • SSL Certificate Back Out Procedure

      Product Line: VERDE There have been instances where a customer has used and imported an invalid SSL Certificate. This can be easily backed out. Simply access the VERDE server that's running the Cluster Master. SSH/Putty into the server and access the ...
    • Tips for Deploying PMC Endpoint Manager on Azure Cloud (related to Microsoft Defender for Cloud)

      PMC Endpoint Manager 3.0.1 (and newer versions) can be deployed to Azure Cloud. When deploying PMC to Azure Cloud, it’s advisable to put the PMC VM into dedicated Resource Group. A new Resource Group can be created in the Create virtual machine step. ...