Avalanche powered by Wavelink

Creating a Self-Signed Certificate

These instructions explain how to generate a self-signed certificate using OpenSSL. Ivanti does not include OpenSSL with Avalanche. The install files can be found on the OpenSSL Web site. If you want to use a different tool, refer to the user guide for that tool.

Ivanti strongly recommends you use certificates from a certificate authority to secure communications for Avalanche. Using self-signed certificates may cause the following issues:

If you use a self-signed certificate for the Web Console, a web browser may not recognize the certificate and may display warnings that the site is not trusted. The browser may require you to make an exception in order to connect. The connection will still be encrypted, however.

If you use a self-signed certificate for the Smart Device Server, Android devices will refuse to enroll because they do not recognize the certificate. For devices running Android 4.0 or newer, you can install the self-signed certificate on each device. Devices running a version of Android older than 4.0 will not connect to a server that uses self-signed certificates. To install the certificate on the Android device, open a browser on the device and navigate to the iOS enrollment page after you have the certificate set up. On the page, tap Trust this Server and download the certificate. Once the certificate is downloaded, you can close the browser.

For instructions on obtaining a certificate from a certificate authority, see Creating a Certificate Request for a Certificate Authority in SSL Certificates.

The file names given in these instructions, such as privateKey.key and ca.pem, are required if you are using the certificate for the Smart Device Server.

When creating a certificate, you will need to provide a Common Name (such as an IP address), organizational unit, organization, city, state, and country code.

To generate a self-signed certificate for the Smart Device Server:

1. From a command line, navigate to:

[OpenSSL installation directory]\bin

2. Use the command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out ca.pem

3. At the prompts, enter all requested information. For the Common Name, provide the fully qualified domain name of the computer where you plan to install the certificate. The domain name used should be one that your company owns. Add a DNS entry if needed to resolve this computer.

An example of generating a self-signed certificate:

Country Name (2 letter code) []:US
State or Province Name (full name) []:Utah
Locality Name (eg, city) []:Midvale
Organization Name (eg, company) []:Wavelink Corporation
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []:avaself.wavelink.com
Email Address []:[email protected]

The certificate ca.pem is created in the \bin directory.
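
The generation step can also be scripted and its output checked before the files are installed. The following is an added example, not part of the original instructions or Ivanti's own tooling: it assumes a POSIX shell with openssl on the PATH, passes the sample answers shown above through OpenSSL's -subj option instead of the prompts, and uses hypothetical function names.

```shell
#!/bin/sh
# Added example: the page's openssl command run non-interactively, then verified.
# Subject fields are the sample answers shown on this page.

# Create privateKey.key and ca.pem in directory $1 with Common Name $2.
make_selfsigned() {
    dir=$1 cn=$2
    # -nodes writes the private key unencrypted, so create it owner-only.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -keyout "$dir/privateKey.key" -out "$dir/ca.pem" \
          -subj "/C=US/ST=Utah/L=Midvale/O=Wavelink Corporation/OU=Engineering/CN=$cn" )
}

# Succeed only if ca.pem carries the public half of privateKey.key.
key_matches_cert() {
    k=$(openssl pkey -in "$1/privateKey.key" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1/ca.pem" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the certificate subject contains Common Name $2.
cert_cn_is() {
    openssl x509 -in "$1/ca.pem" -noout -subject -nameopt RFC2253 2>/dev/null |
        grep -qF "CN=$2,"
}

# Succeed if the certificate will still be valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1/ca.pem" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Run all checks on the files in directory $1; print "ok" or the first failure.
check_cert() {
    dir=$1 cn=$2
    key_matches_cert "$dir" || { echo "privateKey.key does not match ca.pem"; return 1; }
    cert_cn_is "$dir" "$cn" || { echo "Common Name is not $cn"; return 1; }
    valid_for_days "$dir" 0 || { echo "certificate has expired"; return 1; }
    echo "ok"
}

# Usage: make_selfsigned . avaself.wavelink.com && check_cert . avaself.wavelink.com
```

Because the command uses -days 365, running valid_for_days with a value such as 30 on a schedule gives advance notice that the certificate needs to be regenerated.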

In order to import the certificate and use the certificate for the Console and Avalanche Remote Control, you need to convert it to PKCS #12 format. For information on converting the certificate, see Converting a Certificate in SSL Certificates.

