SSL Certificate/Certification Security Enabling

SSL Certificate/Certification Security Enabling

Product Line:  VERDE

Question From a Customer:

I have been asked about encryption using HTML (SSL certificates) or securing sessions from remote locations teleworkers using ncomputing thin clients.

I need to enable SSL for our environment.

 

We have in our environment 2 VERDE components: 1 CM only and 1 VDI node only. 

We want to secure Management Console access and provide secure HTML access UC5 to virtual desktops.

 

How de enable SSL in VERDE? Do we need to enable it in each CM and VDI node?  (there are some tutorials to enable Tomcat SSL servers… but those are a little complex and I don’t know if I will create a mess in VERDE trying to figure out how to enable it)

Do you have a guide for SSL security activation in VERDE and best practices to do that, for instance using Let’s Encrypt’s certificates?


SOLUTION:

SSL is enabled in VERDE by default. In fact, disabling SSL is very difficult and requires changes to Apache/Tomcat configuration.


Note that to access the VERDE Management Console you must use: https://<ip address>:8443/mc - the protocol is https implying SSL encryption is being used.


What may be a little confusing is that, by default, VERDE comes with a self-signed SSL certificate. That is why you will see the browser warning when you attempt to connect to the Management Console:




The browser shows this warning because the communication is using SSL but the certificate is not from an authorized provider such as GoDaddy, Digicert, AWS, etc.


Remember - even though the certificate is not from an authorized provider the data is still encrypted and secure.


To avoid this warning message - which admittedly can be concerning to users - you must obtain a valid SSL certificate from an authorized provider.


Important note: SSL certificates must be associated with a domain name. e.g., simplevdi.cl 


Certificates can be defined as wildcard - so *.simplevdi.cl will work. Or, associated to a specific subdomain - e.g., verde.simplevdi.cl


An SSL certificate can NOT be associated to an IP address. You must have a domain name.



Once you obtain the SSL certificate you can upload that to VERDE. Use the General Settings -> Web Server Certificate to perform this action:



And - implied in this is that to make the certificate actually work you must then define the VERDE server to be associated with a domain name - e.g., verde.simplevdi.cl

    • Related Articles

    • How to Disable SSL Communications between the VERDE-Client and the Guest Image

      Product Line:  VERDE For some users/customers, security isn't a concern especially between the client and the guest image.  To disable SSL between the two, perform the following: Steps are here: 1) /usr/lib/verde/etc/server_xml.template you should ...
    • No Touch Certificate \ File management \ Screen Saver \ File Store

      the Stratodesk Virtual Appliance not only contains the NoTouch Center, but also hosts several other services, like a web server, Samba server (Windows file shares), PXE server, etc. The web server can be used for delivering the CA certificates or ...
    • What Type of Networking Security Does VERDE Use?

      Product Line:  VERDE The VERDE system uses several levels of security for network communication, the ports and encryption levels depend on the following components: VERDE User Console: 128-bit TLS V1.2 (HTTPS) plus the encryption used by the display ...
    • Instructions For the Usage of Web Server Certificates

      Product Line:  VERDE Uploading a Web Server Certificate into VERDE is optional.  Consider the browser "certificate warning" you always see when you access VERDE Management Console. Depending on which browser you are using, you have to click the ...
    • Upload Certificate directly to RX-HDX device using Web GUI

      Upload Certificate directly to RX-HDX device using Web GUI:   Certificates can be directly uploaded to the device, without using NoTouch Center. To do that follow the below mentioned steps: Go to device’s web interface i.e. Access device’s IP address ...