Novell Documentation: ZENworks 6.5 - Configuring the SSL and HTTP Communication between the Access Point and the Handheld Devices

Configuring the SSL and HTTP Communication between the Access Point and the Handheld Devices

You can configure the SSL and HTTP communication between the Access Point and the Handheld devices by using the cfgip.exe from the zfhap directory.

Launch cfgip.exe from zfhap directory.
Obtain a server certificate before using SSL:
1. In the Configure IP - ZENworks Handheld Management Access Point dialog box, click Obtain Server Certificate.
2. Review the information on the Certificate Wizard page, then click Next.
3. Specify the common name for the computer in the text box, then click Next.
  
  NOTE: If you want to connect your PPC 2000 device using SSL, you must keep in mind the following points:
  
  1. The server address is stored as the IP address because the Domain Name Resolution does not work on PPC 2000 devices.
  
  2. If the PPC 2000 device is connected using IP client through wireless, you must specify the IP address of the ZENworks Handheld Management Access Point instead of the common name when you create the Certificate Signing Request (CSR) . This enables the device to validate the Certificate server. But if the device cradle syncs, you can use the common name by selecting the Use Desktop sync settings check box in the ZENworks Console that is available on the device.
4. Specify information for your geographic location in the Country/Region, State/Providence, and City/Locality text boxes, then click Next.
5. Specify information about your organization and organizational unit, then click Next.
6. Specify the location in which you want to save the certificate request, then click Next.
7. Click Finish, then click OK.
8. Have the certificate signed by a Certificate Signing Authority, such as Novell Certificate Services (NCS) or VeriSign.
  
  NOTE: To use NCS: In ConsoleOne, click Tools, click Issue Certificate, then follow the prompts. When having the certificate signed (if given a choice), have it saved in Base64 format.
  
  Handheld PCs running Windows CE 3.0 and Pocket PC 2000 devices do not support certificates originating from NCS.
To import a server certificate before using SSL:
1. In the Configure IP - ZENworks Handheld Management Access Point dialog box, click Import Server Certificate.
2. Click Next.
3. Ensure that the Process the Pending Request and Install the Certificate option is enabled, then click Next.
4. Browse to the location where you saved the certificate during Step 2.h, then click Open.
5. Click Next.
6. Click Finish.
You can publish a trusted SSL root certificate that Windows CE clients automatically download when they connect. This should be the root certificate of the Certificate Authority used to sign your server certificate.

If you are using a third-party Certificate Signing Authority and the root certificate does not already exist on the PC or handheld device (for example, a root certificate from NCS), you can publish the root certificate so that is automatically downloaded.

To publish a trusted SSL root certificate:
1. In the Configure IP - ZENworks Handheld Management Access Point dialog box, click Configure Root Certificate.
2. Browse to and select the signed root certificate, then click Open.
  
  The root certificate that you get from a Certificate Authority (CA) must be in Base64 format.
3. Click OK twice.
To enable the SSL on the Access Point, select the Enable SSL check box.
To enable HTTP on the Access Point, select the Enable HTTP encapsulation check box.
To enable SSL/HTTP on a handheld device, open the ZENworks console and do the following:
1. For PalmOS devices, select the server from the drop-down list and select Use SSL
  
  Or
  
  For Windows CE devices, click Configure > Use SSL.
  
  If you are publishing a root certificate, click Accept Next Root Certificate.
2. To enable HTTP for Palm devices, select Server from the drop-down list, then click Use HTTP encapsulation
  
  Or
  
  For Windows CE devices, click Configure, then click Use HTTP encapsulation.