Leading Practices for installing a Certificate to utilize on the Virtual Appliance in place of the self signed certificate
To set up your Stratodesk Virtual Appliance properly you may eventually install a certificate that your endpoints can trust and rely on.
Note: This article does not deal with rolling out certificates to endpoints. If you want to do that, look at Certificates instead.
- Make sure you have your certificate ready in .crt / .pem form and you possess the private key file (.key). If you do not have a private key, then it is not your certificate. If you also need certificate chain or CA root files, make sure you have them too in the correct .crt form. Do not use .pfx certificates, Apache will not read .pfx.
- Log into the VA Console
- Click "Certificates" under VA Operation
- Upload certificate, key and optionally, intermediate cert chain file, in the appropriate upload fields
- Reboot the appliance
Note: If your CA provides an intermediate certificate file, you must install this, otherwise it is a violation of SSL/TLS standards. Yes, many browsers still work and won't even show an error. Nevertheless, it will still be wrong and confuse your NoTouch endpoints.
Note: Please refer to your certificate vendor's instructions for how to generate the CSR (Certificate Signing Request). The VA does not provide such a feature, however all the well-known certificate vendors have instructions and online tools ready. On any Linux, Mac OS or even, if you install OpenSSL, Windows, you can actually create such a request with this or a similar command (please only use if you know what you are doing):
openssl req –new –newkey rsa:2048 –nodes –keyout server.key –out server.csr