Configuring the SSL and HTTP Communication between the ZENworks Handheld Management Server and the Access Point

You can configure the SSL and HTTP settings using the cgfip.exe file.

  1. Run the cgfip.exe in the ZENworks Handheld Management installation directory.


    Configure IP - ZENworks Handheld Management Server dialog box

  2. Obtain a server certificate before using SSL:

    1. In the Configure IP dialog box, click Obtain Server Certificate.

    2. Review the information in the Certificate Wizard page, then click Next.

    3. Specify the common name for the computer in the text box, then click Next.

    4. Specify information for your geographic location in the Country/Region, State/Providence, and City/Locality text boxes, then click Next.

    5. Specify information about your organization and organizational unit, then click Next.

    6. Specify the location in which you want to save the certificate request, then click Next.

    7. Click Finish, then click OK.

    8. Have the certificate signed by a Certificate Signing Authority, such as Novell Certificate Services (NCS) or VeriSign*.

      NOTE:  To use NCS: In ConsoleOne®, click Tools, click Issue Certificate, then follow the prompts. When having the certificate signed (if given a choice), have it saved in Base64 format.

      Handheld PCs running Windows CE 3.0 and Pocket PC 2000 devices do not support certificates originating from NCS.

  3. Import a server certificate before using SSL:

    1. In the Configure IP dialog box, click Import Server Certificate.

    2. Click Next.

    3. Ensure that the Process the Pending Request and Install the Certificate option is enabled, then click Next.

    4. Browse to the location where you saved the certificate during Step 2.h, then click Open.

    5. Click Next.

    6. Click Finish.

  4. You can publish a trusted SSL root certificate that desktop sync machines or remote Access Points automatically download when they connect. This should be the root certificate of the Certificate Authority used to sign your server certificate.

    If you are using a third-party Certificate Signing Authority and the root certificate does not already exist on the PC or handheld device (for example, a root certificate from NCS), you can publish the root certificate so that is automatically downloaded.

    To publish a trusted SSL root certificate:

    1. In the Configure IP dialog box, click Configure Root Certificate.

    2. Browse to and select the signed root certificate, then click Open.

      The root certificate that you get from a Certificate Authority (CA) must be in Base64 format.

    3. Click OK twice.

  5. To enable SSL on the ZENworks Handheld Management server, select the Enable SSL check box.

  6. To enable HTTP on the ZENworks Handheld Management server, select the Enable HTTP check box.

  7. To enable SSL/HTTP on the Access Point:

    1. Run the console.exe file from the zfhap directory.

    2. Select Operations > Configure > Server Communications.


      Proxy Server Communications Settings dialog box

    3. To select SSL, select the Use SSL check box. If the server certificate is signed by non-standard certificate authority, then select the Accept Next Root Certificate check box.

    4. To enable HTTP, select the Use HTTP encapsulation check box.

    5. Click OK.