Configuring Desktop Containers server with SSL using ZENworks Reporting Server to generate a CSR

Objective

This document describes the steps involved in configuring a Micro Focus Desktop Container (MFDC) server with SSL. By default, the MFDC server is installed with settings that do not secure streamed applications. With this solution, the MFDC server is configured with SSL so that all traffic to and from the MFDC server is secured.

In this solution we use ZENworks Reporting Server to generate the CSR and NetIQ eDirectory as the CA that issues the certificate.

P.S.: Administrators can use any other supported third-party CSR generator and certificate issuer.

Prerequisites:

    • MFDC Server is up and running on a supported Windows Server class machine.
    • eDirectory server is up and running.
    • ZENworks Reporting Server is up and running.

Step 1:

Open any browser and log in to the ZENworks Reporting server console (for example, https://<IP address/DNS name>:9443/login), then click on ZENworks Reporting Configuration.

Step 2:

Click on Certificate configuration

Step 3:

Click on Change CA

Step 4:

Click on Generate CSR

Step 5:

Enter the DNS name of the MFDC server. Make sure the IP address and hostname are resolvable. Fill in all other fields with the necessary information and click on Generate.

The CSR is created in the /tmp folder on the ZENworks Reporting server. Navigate to the /tmp folder and copy the following 2 files to the MFDC server:

    1. csr
    2. key

The CSR must now be signed by a Certificate Authority. For this we have used the NetIQ eDirectory server. Follow the steps below:

Step 6:

Open any browser and log in to https://<IP address OR DNS name of eDirectory server>/nps. Under Roles and Tasks, from NetIQ Certificate Server, select Issue Certificate.

Click on Browse. Select zenworks.csr file from the copied location and click Next.

Step 7:

Select SSL or TLS from Key type and click Next.

Step 8:

Select Certificate Authority from Certificate type and click Next. In the next 2 screens accept the defaults and click Finish.

This will create a zenworks.der certificate. We need to convert this to .cst, as MFDC accepts certificates with the .cst extension.

Any online converter application can be used for this. We now have the zenworks.cst file. Copy zenworks.cst to the MFDC server. Since this certificate is issued by the eDirectory server, the issuer certificate must also be installed on the MFDC server. To do this, follow the steps below:

Step 9:

Open any browser and log in to https://<IP address OR DNS name of eDirectory server>/nps. Under Roles and Tasks, from NetIQ Certificate Access, select Server Certificates.

Enable the DNS name entry and click on Validate.

Once the certificate shows a valid state, click on Export.

Step 10:

Select DNS certificate, provide the password and click Next.

On the next screen click on Save the exported certificate and save it on the MFDC server.

Install this certificate by double-clicking it and adding it to Trusted Root Certification Authorities for the Local Computer, as described in the following steps:

Step 11:

Double-click cert.pfx. As this certificate isn’t trusted yet, it needs to be added to the trust store of the Local Computer. Click on Install Certificate…

Step 12:

When prompted, provide the password selected while exporting the server certificate and click Next.

Step 13:

Select Place all certificates in the following store and click on Browse. Enable Show physical stores so that the expand button appears on Trusted Root Certification Authorities. Select Local Computer under Trusted Root Certification Authorities, click OK, and then click Next.

Step 14:

The certificate import is now successfully completed. Click Finish.

Step 15:

Now log in to MFDC’s admin portal at http://<IP address OR DNS name>:81. Navigate to Servers and click on Primary.

In the Edit Server window, change Web Address and Administration Site Address from http to https, provide the paths to zenworks.crt and key.key under SSL certificates, and click on Save.

This completes the SSL configuration steps for MFDC. To verify, open any browser and enter the SSL URL of the MFDC server. In the above example the URL would be https://10.71.69.79:444/, where 10.71.69.79 is the IP address of the MFDC server and 444 is the SSL port.
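The DER conversion that follows Step 8 can be done locally with OpenSSL instead of an online converter, and the result checked against key.key and the DNS name from Step 5 before the paths are entered in Step 15. The script below is an added example, not part of the original article: it assumes OpenSSL and a POSIX shell are available, that MFDC takes the certificate in PEM (Base64) form, that key.key is an unencrypted PEM key, and it uses mfdc.example.test as a placeholder host name.

```bash
#!/usr/bin/env bash
# Added example: local DER -> PEM conversion and pre-deployment checks.
# Assumption: the private key is unencrypted PEM (openssl prompts otherwise).

# Convert the DER certificate issued by the CA into PEM (Base64) form.
der_to_pem() {  # usage: der_to_pem zenworks.der zenworks.crt
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Succeeds only if the certificate carries the public key of the private key.
cert_matches_key() {  # usage: cert_matches_key zenworks.crt key.key
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is valid for the DNS name clients will use.
cert_covers_host() {  # usage: cert_covers_host zenworks.crt <dns-name>
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# Run all three steps in order and stop at the first problem.
prepare_cert() {  # usage: prepare_cert zenworks.der key.key <dns-name> zenworks.crt
    der_to_pem "$1" "$4"       || { echo "not a DER certificate: $1" >&2; return 1; }
    cert_matches_key "$4" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    cert_covers_host "$4" "$3" || { echo "certificate does not cover $3" >&2; return 1; }
    echo "OK: $4 matches $2 and covers $3"
}

# Demo on constructed throwaway material (self-signed, not from the article).
demo() {
    local d
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mfdc.example.test" \
        -keyout "$d/key.key" -outform DER -out "$d/zenworks.der" 2>/dev/null
    prepare_cert "$d/zenworks.der" "$d/key.key" mfdc.example.test "$d/zenworks.crt"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` to exercise the checks on generated sample files, or source it and call `prepare_cert` with the real file names.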

Conclusion:

With this solution, the MFDC server is now configured over SSL, which results in more secure access.