A.1 Configuring the SSL and HTTP Communication between the ZENworks Handheld Management Server and the ZENworks Handheld Management Access Point

You can configure the SSL and HTTP settings using cgfip.exe.

  1. Run cgfip.exe from the ZENworks Handheld Management installation folder.

    Configure IP - ZENworks Handheld Management Server dialog box
  2. Obtain a server certificate before using SSL.

    1. In the Configure IP dialog box, click Obtain Server Certificate.

    2. Review the information in the Certificate Wizard page, then click Next.

    3. In the Common name option, specify the name of the machine as specified during the installation of the ZENworks Handheld Management Server.

      For example, if IP address is specified during the installation of the ZENworks Handheld Management Server, you must specify the IP Address in the Common name option. If the DNS name is specified during the installation of the ZENworks Handheld Management Server, you must specify the DNS name in the Common name option

    4. (Conditional) If the specified DNS name is not resolvable by the network, then you must modify the machine name as follows:

      1. Stop the ZENworks Handheld Management Services running on the system.

      2. Run CfgSrvr.exe from ZENWorks Handheld Management installation folder to launch the ZENworks Handheld Management wizard.

      3. Read the information on the initial screen, then click Next.

      4. On the Database Type page, select Microsoft SQL Server and specify the new name in the Machine name option.

      5. (Conditional) If you choose to use the internal database, select Internal ODBC-compatible database.

      6. Follow the on-screen prompts in the wizard.

      7. Continue with Step 2.c.

    5. Click Next.

    6. Specify information for your geographic location in the Country/Region, State/Providence, and City/Locality text boxes, then click Next.

    7. Specify information about your organization and organizational unit, then click Next.

    8. Specify the location in which you want to save the certificate request, then click Next.

    9. Click Finish, then click OK.

      NOTE:To use NCS: In Novell ConsoleOne®, click Tools, click Issue Certificate, then follow the prompts. When having the certificate signed (if given a choice), save it in Base64 format.

      Handheld PCs running Windows CE 3.0 and Pocket PC 2000 devices do not support certificates originating from NCS.

  3. Perform the following steps to have the certificate self-signed by Novell Certificate Services (NCS):

    1. Launch Consoleone

    2. In the left pane, click Security.

    3. In the right pane, double-click the Certificate Authority for the tree.

    4. In the Properties dialog box that displays, click Certificates. Click Self Signed Certificate.

    5. Click Validate. Ensure that the status in the Certificate Validation dialog box displays Valid, then click OK.

    6. Click Export, then click Next.

    7. Select File in Base64 format then click Finish to save the exported certificate in a Base64 format.

  4. Import a server certificate before using SSL.

    1. In the Configure IP dialog box, click Import Server Certificate.

    2. Click Next.

    3. Ensure that the Process the Pending Request and Install the Certificate option is enabled, then click Next.

    4. Browse to the location where you saved the certificate during Step 2.h, then click Open.

    5. Click Next.

    6. Click Finish.

  5. You can publish a trusted SSL root certificate that desktop sync machines or remote ZENworks Handheld Management Access Points automatically download when they connect. This should be the root certificate of the Certificate Authority used to sign your server certificate.

    If you are using a Certificate Signing Authority and the root certificate does not already exist on the PC or handheld device (for example, a root certificate from NCS), you can publish the root certificate so that is automatically downloaded.

    To publish a trusted SSL root certificate:

    1. In the Configure IP dialog box, click Configure Root Certificate.

    2. Browse to and select the signed root certificate, then click Open.

      The root certificate that you get from a Certificate Authority (CA) must be in Base64 format.

    3. Click OK twice.

  6. To enable SSL on the ZENworks Handheld Management server, select the Enable SSL option.

  7. To enable HTTP on the ZENworks Handheld Management server, select the Enable HTTP option.

  8. To enable SSL/HTTP on the ZENworks Handheld Management Access Point:

    1. Run console.exe from the ZfHAP folder.

    2. Select Operations > Configure > Server Communications.

      Proxy Server Communications Settings dialog box
    3. To enable SSL, select the Use SSL option. If the server certificate is signed by a non-standard certificate authority, then select the Accept Next Root Certificate option.

    4. To enable HTTP, select the Use HTTP Encapsulation option.

    5. Click OK.