Avalanche powered by Wavelink

Configuring the Certificate Management Server

The Certificate Management Server handles the renewal and distribution of certificates to enrolled mobile devices. The communication between the server and the Avalanche Enabler must also be secure to prevent interception of certificate information. To enable secure communication between the two, you must create a certificate and edit the csm.properties file with certificate credentials; otherwise, no certificates can be sent with the Certificate Manager. As part of the Avalanche install process, a self-signed certificate is automatically created for the Certificate Management Server to allow immediate secure communication. For more information about creating a certificate, see SSL Certificates.

The cms.properties file contains the following parameters that are used for communicating with the Certificate Management Server:

•InfoRail.Server. The IP address or hostname for the Avalanche InfoRail server. By default, it is set to 127.0.0.1.

•Cert.Path. Indicates the directory path to the SSL certificate used for secure communications. When Avalanche is initially installed, it creates a self-signed certificate that is provided here by default. The default location is the /conf folder, and the default certificate name is wavelinkcm.p12. If you place your certificate in a different folder and under a different name, the changes must be reflected here.

•Cert.Password. The challenge password associated with the certificate from when it was first created. The default password associated with the self-signed certificate created during the Avalanche install process is $wavelink123.

The following is an example containing values for each parameter:

InfoRail.Server=127.0.0.1

Cert.Path=./conf/wavelinkcm.p12

Cert.Password.PlainText=$wavelink123

To edit the cms.properties file:

1.Navigate to wavelink/Avalanche/CertManager/conf folder and open the csm.properties file with a text editor like Notepad.

2.Edit the values for the parameters listed above.

3.Save and close the file.

4.Restart all Avalanche services.

Once the services have rebooted, you must configure the SCEP server to allow for automatic certificate issuing and reusing passwords. To perform these tasks, see Configuring the SCEP Server.