This document describes the steps for configuring a Micro Focus Desktop Container (MFDC) server with SSL. By default, the MFDC server is installed with settings that do not secure streaming applications. With this solution, the MFDC server is configured with SSL so that all transactions to and from it are secured.
In this solution we use the ZENworks Reporting server to generate the CSR and NetIQ eDirectory as the CA that issues the certificate.
P.S.: Administrators can use any other supported third-party CSR generator and CA.
- MFDC Server is up and running on a supported Windows Server class machine.
- eDirectory server is up and running.
- ZENworks Reporting Server is up and running.
Open any browser and log in to the ZENworks Reporting server’s console, e.g. https://<IP address/DNS name>:9443/login, and click on ZENworks Reporting Configuration.
Click on Certificate configuration
Click on Change CA
Click on Generate CSR
Enter the DNS name of the MFDC server. Make sure the IP address and host names are resolvable. Fill in all other fields with the necessary information and click on Generate.
The CSR is created under the /tmp folder on the ZENworks Reporting server. Navigate to the /tmp folder and copy the following 2 files to the MFDC server.
We need to get this issued by a Certificate Authority. For this we have used the NetIQ eDirectory server. Follow the steps below:
Open any browser and log in to https://<IP address OR DNS name of eDirectory server>/nps and, under Roles and Tasks, from NetIQ Certificate Server select Issue Certificate.
Click on Browse. Select zenworks.csr file from the copied location and click Next.
Select SSL or TLS from Key type and click Next.
Select Certificate Authority from Certificate type and click Next. In the next 2 screens accept the defaults and Finish.
This will create a zenworks.der certificate. We need to convert this to .cst, as MFDC will accept certificates with the .cst extension.
To do this, any online converter application can be used. Now we have the zenworks.cst file. Once this is done, copy zenworks.cst to the MFDC server. Since this certificate is issued by the eDirectory server, we also need to install the issuer certificate on the MFDC server. To do this, follow the steps below:
Open any browser and log in to https://<IP address OR DNS name of eDirectory server>/nps and, under Roles and Tasks, from NetIQ Certificate Access select Server Certificates.
Enable DNS name entry and click on Validate as shown in the picture.
Once you see valid state for the certificate, click on Export.
Select DNS certificate, provide the password and click Next.
On the next screen click on Save the exported certificate and save it on the MFDC server.
Install this certificate by double-clicking it and installing it to Local Computer under Trusted Root Certification Authorities. Follow these screens:
Double click on cert.pfx. As this certificate isn’t trusted, it needs to be trusted and added in the trust store of Local computer. Click on Install Certificate…
When prompted, provide the password selected while exporting the server certificate and click Next.
Select Place all certificates in the following store and click on Browse. Enable Show physical stores so that the expand button appears on Trusted Root Certification Authorities. Now select Local Computer under Trusted Root Certification Authorities, click on OK and select Next.
Now certificate import is successfully completed. Click Finish.
Now log in to MFDC’s admin portal using the URL http://<IP address OR DNS name>:81. Navigate to Servers and click on Primary.
In the Edit Server window, change Web Address and Administration Site Address from http to https, provide the correct paths to zenworks.crt and key.key under SSL certificates, and click on Save.
This completes the SSL configuration steps for MFDC. To verify, open any browser and enter the SSL URL of the MFDC server. In the above example the URL would be https://10.71.69.79:444/, where 10.71.69.79 is the IP address of the MFDC server and the SSL port is 444.
With this solution, the MFDC server is now configured over SSL, which results in more secure access.
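The conversion of zenworks.der can also be done locally with the OpenSSL command-line tool, and the result checked against key.key and the MFDC server's DNS name before the paths are saved in the Edit Server window. This is an added example, not part of the original document. It assumes OpenSSL is installed and that MFDC expects a PEM-encoded certificate (the page does not state the encoding); it runs against a throwaway self-signed certificate for the constructed host name mfdc.example.test instead of the real files.

```shell
#!/bin/sh
# Added example (not from the original document). File names follow the page;
# mfdc.example.test and the throwaway certificate are constructed sample data.

# Convert the DER certificate issued by the CA into a PEM-encoded file.
der_to_pem() {
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Succeed only if the certificate carries the public key of the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate is valid for the DNS name clients will use.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# Constructed sample: a throwaway key and self-signed DER certificate that
# stand in for key.key and the CA-issued zenworks.der.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.key" -outform DER -out "$1/zenworks.der" 2>/dev/null
}

# Run all checks on the files in directory $1 for host name $2.
preflight() {
    der_to_pem "$1/zenworks.der" "$1/zenworks.cst" &&
    cert_matches_key "$1/zenworks.cst" "$1/key.key" &&
    cert_covers_host "$1/zenworks.cst" "$2"
}

demo=$(mktemp -d)
make_sample "$demo" mfdc.example.test
if preflight "$demo" mfdc.example.test; then
    echo "certificate and key are consistent"
else
    echo "pre-flight check failed"
fi
rm -rf "$demo"
```

With the real files, call `preflight` with the directory that holds zenworks.der and key.key and the DNS name entered when the CSR was generated.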