SSL Certificate/Certification Security Enabling


Product Line:  VERDE

Question From a Customer:

I have been asked about encryption using HTML (SSL certificates) or securing sessions from remote locations teleworkers using ncomputing thin clients.

I need to enable SSL for our environment.

 

We have in our environment 2 VERDE components: 1 CM only and 1 VDI node only. 

We want to secure Management Console access and provide secure HTML access UC5 to virtual desktops.

 

How do we enable SSL in VERDE? Do we need to enable it in each CM and VDI node? (There are some tutorials to enable Tomcat SSL servers… but those are a little complex and I don’t know if I will create a mess in VERDE trying to figure out how to enable it.)

Do you have a guide for SSL security activation in VERDE and best practices to do that, for instance using Let’s Encrypt’s certificates?


SOLUTION:

SSL is enabled in VERDE by default. In fact, disabling SSL is very difficult and requires changes to Apache/Tomcat configuration.


Note that to access the VERDE Management Console you must use: https://<ip address>:8443/mc - the protocol is https implying SSL encryption is being used.


What may be a little confusing is that, by default, VERDE comes with a self-signed SSL certificate. That is why you will see the browser warning when you attempt to connect to the Management Console:




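The browser shows this warning because the communication is using SSL but the certificate is not from an authorized provider such as GoDaddy, DigiCert, AWS, etc.


Remember: even though the certificate is not from an authorized provider, the data is still encrypted and secure in transit. The warning means that the browser cannot verify who issued the certificate, and therefore cannot confirm the identity of the server it is talking to.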


To avoid this warning message - which admittedly can be concerning to users - you must obtain a valid SSL certificate from an authorized provider.


Important note: SSL certificates must be associated with a domain name, e.g., simplevdi.cl


Certificates can be defined as wildcard, so *.simplevdi.cl will work, or associated with a specific subdomain, e.g., verde.simplevdi.cl


An SSL certificate can NOT be associated with an IP address. You must have a domain name.



Once you obtain the SSL certificate you can upload that to VERDE. Use the General Settings -> Web Server Certificate to perform this action:



Implied in this: to make the certificate actually work, you must then associate the VERDE server with a domain name that the certificate covers, e.g., verde.simplevdi.cl
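
A pre-upload check along the following lines catches a certificate that does not cover the server name, does not match its private key, is expired, or is still self-signed. This is an added example, not VERDE tooling or part of the original article; it assumes the openssl command-line tool is installed, and the function names and sample certificate are constructed for illustration.

```shell
# Added example (not VERDE tooling): checks to run before uploading a certificate.
# check_cert CERT KEY NAME: prints one finding per line, returns 0 only if all pass.
check_cert() {
    cert=$1; key=$2; name=$3; rc=0

    # 1. The name users type in the browser must be covered by the certificate.
    #    openssl exits 0 on match and mismatch alike, so read the message.
    case $name in
        *[!0-9.]*) res=$(openssl x509 -in "$cert" -noout -checkhost "$name") ;;
        *)         res=$(openssl x509 -in "$cert" -noout -checkip "$name") ;;  # IPv4 literal
    esac
    case $res in
        *"does match"*) echo "name: ok" ;;
        *)              echo "name: MISMATCH"; rc=1 ;;
    esac
    # 2. The private key must belong to the certificate (compare public keys).
    if [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
         "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "key: ok"
    else
        echo "key: MISMATCH"; rc=1
    fi
    # 3. The certificate must not already be expired.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "expiry: ok"
    else
        echo "expiry: EXPIRED"; rc=1
    fi
    # 4. Subject equal to issuer means self-issued: the browser warning will remain.
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        echo "issuer: SELF-SIGNED"; rc=1
    else
        echo "issuer: ok"
    fi
    return $rc
}

# Constructed sample: self-signed wildcard certificate written to directory $1.
# The name is in the CN only; openssl falls back to CN when no SAN is present.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=*.simplevdi.cl" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Usage: sh precheck.sh cert.pem key.pem verde.simplevdi.cl  (placeholder file names)
if [ $# -eq 3 ]; then check_cert "$@"; fi
```

Against the constructed wildcard sample, verde.simplevdi.cl passes the name check, while the bare simplevdi.cl and an IP address such as 192.0.2.10 are reported as mismatches.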
