You need to obtain an SSL certificate for these situations:
•To secure the connection between smart devices and the smart device server. This step is mandatory if you are going to connect Android devices to Avalanche.
•To secure the connection between the remote control servers and devices. This step is mandatory if you use remote control.
•To secure the connection between Avalanche and the Central File Store.
When you use Avalanche with an SSL certificate for a secure connection, we strongly recommend that you purchase a certificate through a third-party certificate authority (such as DigiCert or Verisign). Utilizing a certificate authority tells clients that your server information was verified by a trusted source and is authentic.
If you install the Avalanche web server, smart device server, or Remote Control Server on different systems, you need either a wildcard certificate or a certificate for each system where those Avalanche components are installed.
The first step of generating a certificate is to generate a certificate signing request (CSR). The CSR must be generated by the machine it is for. The server you are generating the CSR for must be accessible by the certificate authority.
These instructions explain how to generate a certificate signing request using Internet Information Services (IIS) Manager. Ivanti does not include IIS with Avalanche or install it for you. You are responsible for all associated licenses. If you choose to use a different tool, refer to the user guide for that tool for how to create a certificate request.
To generate a CSR using IIS:
1.From the Windows Start menu, open Internet Information Services (IIS) Manager.
2.In the Connections pane, click the server the certificate is for.
3.In the center pane, double-click Server Certificates.
4.In the actions pane, click Create Certificate Request. The Request Certificate window appears.
5.Enter the fully-qualified domain name of the server and the required information about your company; then click Next.
6.In the Cryptographic service provider drop-down menu, select Microsoft RSA SChannel Cryptographic Provider.
7.In the Bit length drop-down menu, select 2048.
8.Click Next.
9.Specify the location and file name for the CSR.
10.Click Finish.
11.Open the CSR file using a text editor.
12.Copy the text, including the begin and end tags.
13.Open an order form for the certificate authority you are using.
14.Paste the CSR text into the order form and complete the order.
When the certificate has been generated, the certificate authority will email you a zip file containing the certificate and any additional certificates in the path. To use the certificate with Avalanche, it must be in PKCS #12 format and include the private key.
In order to use an SSL certificate for the Avalanche Console, Remote Control, or the smart device server, the certificate must be in PKCS #12 format and include the private key. Even if the certificate authority gave you a .p12 file, you must import the private key into it before you can use it with Avalanche.
To export a certificate to PKCS #12 format:
1.From the Windows Start menu, launch Manage computer certificates.
2.Right-click the Personal directory and select All Tasks > Import.... The Certificate Import Wizard appears.
3.Click Next.
4.Browse to .crt files that you received from the certificate authority.
5.Open the .crt file that contains your domain name and click Next.
6.Click Next to accept the Certificate Store location.
7.Click Finish.
8.In the Manage computer certificates window, right-click the certificate and select All Tasks > Export. The Certificate Export Wizard appears.
9.Click Next.
10.Select Yes, export the private key and click Next.
11.Select Personal Information Exchange - PKCS #12 (.PFX).
12.Enable the Include all certificates in the certification path if possible check box.
13.Click Next.
14.Enter a password for the certificate and confirm it; then click Next.
15.Specify the location and file name for the certificate; then click Save.
16.Click Finish. The certificate can now be used with Avalanche.
After obtaining an SSL certificate and converting it to PKCS #12 format with the private key, import it into Avalanche. Use smart device server profiles to distribute each certificate to the server using it.
The certificate must be in PKCS #12 format. If the certificate is in a different format, convert it to PKCS #12 first.
To import a certificate into Avalanche:
1.From the Avalanche Console, navigate to the Profiles page and select the smart device server profile you want to add the certificate to.
2.Click Edit.
3.In the HTTPS Configuration section, click Add.
4.Locate the certificate's .pfx file and click Open.
5.Enter the password associated with the certificate in the Password text box.
6.Click Save.
7.Perform a deployment from My Enterprise.
After you have set up the APNS certificate and the SSL certificate, communication between smart devices and the smart device server is enabled and you can enroll devices. You should import your licenses before attempting to connect devices. For information on licensing, see Licensing. For information on connecting devices, see Connecting Devices to the Avalanche Server.