SSL Certificate/Certification Security Enabling

Product Line:  VERDE

Question From a Customer:

I have been asked about encryption using HTML (SSL certificates) or securing sessions from remote locations (teleworkers) using NComputing thin clients.

I need to enable SSL for our environment.

 

We have in our environment 2 VERDE components: 1 CM only and 1 VDI node only. 

We want to secure Management Console access and provide secure HTML access UC5 to virtual desktops.

 

How do we enable SSL in VERDE? Do we need to enable it in each CM and VDI node? (There are some tutorials to enable Tomcat SSL servers… but those are a little complex and I don’t know if I will create a mess in VERDE trying to figure out how to enable it.)

Do you have a guide for SSL security activation in VERDE and best practices to do that, for instance using Let’s Encrypt’s certificates?


SOLUTION:

SSL is enabled in VERDE by default. In fact, disabling SSL is very difficult and requires changes to Apache/Tomcat configuration.


Note that to access the VERDE Management Console you must use https://<ip address>:8443/mc. The protocol is https, which means SSL encryption is in use.


What may be a little confusing is that, by default, VERDE comes with a self-signed SSL certificate. That is why you will see the browser warning when you attempt to connect to the Management Console.




The browser shows this warning because the communication is using SSL but the certificate was not issued by an authorized provider (a certificate authority the browser trusts) such as GoDaddy, DigiCert, AWS, etc.


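Remember: even though the certificate is not from an authorized provider, the data is still encrypted and secure in transit. The warning reflects that the browser cannot verify the certificate against a trusted authority.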


To avoid this warning message - which admittedly can be concerning to users - you must obtain a valid SSL certificate from an authorized provider.


Important note: SSL certificates must be associated with a domain name, e.g., simplevdi.cl


Certificates can be defined as wildcard, so *.simplevdi.cl will work, or associated with a specific subdomain, e.g., verde.simplevdi.cl


An SSL certificate can NOT be associated with an IP address. You must have a domain name.



Once you obtain the SSL certificate you can upload it to VERDE. Use General Settings -> Web Server Certificate to perform this action.



Implied in this is that, to make the certificate actually work, you must then associate the VERDE server with a domain name (e.g., verde.simplevdi.cl) and connect to it using that name.
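The following Python sketch is an added example, not NComputing code. It applies a simplified form of the name-matching rules browsers use to show which Management Console URLs a wildcard or single-name certificate would cover. The function names, the host vdi1.simplevdi.cl and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def dns_name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label. Simplification: real browsers also consult the
    public suffix list; here a wildcard just needs two fixed labels.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def url_covered(url: str, cert_dns_names: list) -> bool:
    """True if the host in `url` is covered by any DNS name in the certificate."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return False  # an IP literal never matches a certificate's DNS name
    except ValueError:
        pass
    return any(dns_name_matches(name, host) for name in cert_dns_names)

def report(urls: list, cert_dns_names: list) -> dict:
    """Map each URL to whether the certificate covers it."""
    return {u: url_covered(u, cert_dns_names) for u in urls}

# Constructed sample data (documentation address and hypothetical hosts).
WILDCARD_CERT = ["*.simplevdi.cl"]
SINGLE_CERT = ["verde.simplevdi.cl"]
URLS = [
    "https://verde.simplevdi.cl:8443/mc",    # name used in the article
    "https://vdi1.simplevdi.cl:8443/mc",     # another host in the domain
    "https://simplevdi.cl:8443/mc",          # bare domain
    "https://a.verde.simplevdi.cl:8443/mc",  # two labels below the domain
    "https://192.0.2.10:8443/mc",            # access by IP address
]

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT), ("single", SINGLE_CERT)):
        for url, ok in report(URLS, names).items():
            print(f"{label:8} {url:40} {'covered' if ok else 'browser warning'}")
```

Access by IP address still produces the warning after a valid certificate is installed, which is why the server must be reached through its domain name.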
