Cool Solutions

Configuring Micro Focus Desktop Containers server with SSL using ZENworks Reporting Server to generate a CSR and eDirectory to issue a Certificate

SHASHIKALA

By:

December 13, 2016 9:30 am

Reads:1,383

Comments:0

Score:Unrated

Print/PDF

Objective

The intent of this document is to describe the steps involved in configuring Micro Focus Desktop Container (MFDC) server with SSL. By default MFDC server gets installed with normal settings which will not have security over streaming applications. With this solution, MFDC server is configured with SSL so that all transaction to and from MFDC server is secured.

In this solution we are using ZENworks Reporting server to generate the CSR and NetIQ eDirectory to issue the CA.

P.S.: Administrators can use any other third party supported CSR generators and CA issuers.

Prerequisites:

  • MFDC Server is up and running on supported Windows Server Class machine.
  • eDirectory server is up and running.
  • ZENworks Reporting Server is up and running.

Step 1:

Open any browser and login to ZENworks Reporting server’s console. E.g.: https://<IP address/DNS name>:9443/login and click on ZENworks Reporting Configuration

pic1

Step 2:

Click on Certificate configuration

pic2

Step 3:

Click on Change CA

pic3

Step 4:

Click on Generate CSR

pic4

Step 5:

Enter the DNS name of the MFDC server. Make sure the IP and Hostnames are resolvable. Also fill in all other fields with the necessary information and click on Generate.

pic5

The CSR gets created under /tmp folder on ZENworks Reporting server. Navigate to /tmp folder and copy the following 2 files to the MFDC server.

  1. csr
  2. key

We need to get this issued by a Certified Authority. For this we have used NetIQ eDirectory server. Follow the steps below:

Step 6:

Open any browser and login to https://<IP address OR the DNS name of eDirectory server/nps > and under Roles and Tasks from NetIQ Certificate Server select Issue Certificate.

Click on Browse. Select zenworks.csr file from the copied location and click Next.

pic6

Step 7:

Select SSL or TLS from Key type and click Next.

pic7

Step 8:

Select Certificate Authority from Certificate type and click Next. In the next 2 screens accept the defaults and Finish.

pic8

This will create a zenworks.der certificate. We need to convert this to .cst as MFDC will accept certificates with .cst extention.

To do this any online converter applications can be used. Now we have zenworks.cst file. Once this is done, copy zenworks.cst to the MFDC server. Since this certificate is issued by the eDirectory server we need to install the issuer certificate also on MFDC server. To do this, follow the steps below:

Step 9:

Open any browser and login to https://<IP address OR DNS name of eDirectory server/nps > and under Roles and Tasks from NetIQ Certificate Access select Server Certificates.

Enable DNS name entry and click on Validate as shown in the picture.

Once you see valid state for the certificate, click on Export.

pic9

Step 10:

Select DNS certificate, provide the password and click Next.

On the next screen click on Save the exported certificate and save it on the MFDC server.

pic10

Install this certificate by double clicking and installing this certificate to Local Computer under Trusted Root Certification Authorities. Follow the following screens:

Step 11:

Double click on cert.pfx. As this certificate isn’t trusted, it needs to be trusted and added in the trust store of Local computer. Click on Install Certificate…

pic11

Step 12:

When prompted, provide the password selected while exporting the server certificate and click Next.

pic12

Step 13:

Select Place all certificates in the following store and click on Browse. Enable Show physical stores so that we can see the expand button on Trusted Root Certification Authorities. Now select Local Computer on Trusted Root Certification Authorities and click on OK and select Next

pic13

Step 14:

Now certificate import is successfully completed. Click Finish.

pic14

Step 15:

Now login to MFDC’s admin portal by giving URL http://<IP address OR DNS name:81>. Navigate to Servers, click on Primary.

pic15

In the Edit Server window modify Web Address & Administration Site Address from http to https and provide the certificate paths for zenworks.crt, key.key properly under SSL certificates and click on Save.

This will complete the SSL configuration steps for MFDC. To verify the same, open any browser and give the ssl url of the MFDC server. As per the above example the url would be https://10.71.69.79:444/ whereas 10.71.69.79 is the IP address of the MFDC server and the SSL port is 444.

pic16

Conclusion:

With this solution now the MFDC server is configured over SSL which results in more secure access.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading...

Tags: , , ,
Categories: Desktop Containers, Technical, Unified Endpoint Management, ZENworks, ZENworks Application Virtualization

0

Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

Comment

RSS