Avalanche powered by Wavelink

SSL Certificates

You need to obtain an SSL certificate for these situations:

•To secure the connection between smart devices and the smart device server. This step is mandatory if you connect Android devices to Avalanche.

•To secure the connection between the remote control servers and devices. This step is mandatory if you use remote control.

•To secure the connection between Avalanche and the Central File Store. This step is mandatory if you use the Central File Store.

•To secure the connection between the Avalanche Web Console and the Avalanche web server. This step is optional. For more information, see Accessing the Web Console Over an HTTPS Connection.

We strongly recommend that you purchase a certificate through a third-party certificate authority (such as DigiCert or Verisign). Utilizing a certificate authority tells clients that your server information was verified by a trusted source and is authentic.

If you install the Avalanche web server, smart device server, or remote control server on different systems, you need either a wildcard certificate or a certificate for each system where those Avalanche components are installed.

Creating a Certificate Request for a Certificate Authority

The first step of generating a certificate is to generate a certificate signing request (CSR). The CSR must be generated by the machine the certificate will be for.

These instructions explain how to generate a certificate signing request using Internet Information Services (IIS) Manager. Ivanti does not include IIS with Avalanche or install it for you. You are responsible for all associated licenses. If you choose to use a different tool, refer to the user guide for that tool for how to create a certificate request.

1.From the Windows Start menu, open Internet Information Services (IIS) Manager.

2.In the Connections pane, click the server the certificate is for.

3.In the center pane, double-click Server Certificates.

4.In the actions pane, click Create Certificate Request.
The Request Certificate window appears.

5.Enter the fully-qualified domain name of the server and the required information about your company; then click Next.

6.In the Cryptographic service provider drop-down menu, select Microsoft RSA SChannel Cryptographic Provider.

7.In the Bit length drop-down menu, select 2048.

8.Click Next.

9.Specify the location and file name for the CSR.

10.Click Finish.

11.Open the CSR file using a text editor.

12.Copy the text, including the begin and end tags.

13.Open an order form for the certificate authority you are using.

14.Paste the CSR text into the order form and complete the order.

When the certificate has been generated, the certificate authority will email you a zip file containing the certificate and any additional certificates in the path. To use the certificate with Avalanche, it must be in PKCS #12 format and include the private key.

Converting a Certificate to PKCS #12

In order to use an SSL certificate for the Avalanche Console, remote control, or the smart device server, the certificate must be in PKCS #12 format and include the private key. Even if the certificate authority gave you a .p12 file, you must import the private key into it before you can use it with Avalanche.

1.From the Windows Start menu, launch Manage computer certificates.

2.Right-click the Personal directory and select All Tasks > Import.
The Certificate Import wizard appears.

3.Click Next.

4.Browse to .crt files that you received from the certificate authority.

5.Open the .crt file that contains your domain name and click Next.

6.Click Next to accept the Certificate Store location.

7.Click Finish.

8.In the Manage computer certificates window, right-click the certificate and select All Tasks > Export.
The Certificate Export wizard appears.

9.Click Next.

10.Select Yes, export the private key and click Next.

11.Select Personal Information Exchange - PKCS #12 (.PFX).

12.Enable the Include all certificates in the certification path if possible check box.

13.Click Next.

14.Enter a password for the certificate and confirm it; then click Next.

15.Specify the location and file name for the certificate; then click Save.

16.Click Finish.
The certificate can now be used with Avalanche.

Distributing Certificates to Servers

After obtaining an SSL certificate and converting it to PKCS #12 format with the private key, use smart device server profiles to distribute each certificate to the server using it.

The certificate must be in PKCS #12 format. If the certificate is in a different format, convert it to PKCS #12 first.

1.From the Avalanche Console, navigate to the Profiles page and select the smart device server profile you want to add the certificate to.

2.Click Edit.

3.In the HTTPS Configuration section, click Add.

4.Locate the certificate's .pfx file and click Open.

5.Enter the password associated with the certificate in the Password text box.

6.Click Save.

7.Click the Needs Deployment button in the upper right corner of the console.

8.Select Deploy Now.

-Or-

Select Deploy Later and enter a date and time for the deployment.

9.Click Finish.
A system message will appear in the console when the deployment is completed.

After you have set up the SSL certificate, communication between smart devices and the smart device server is enabled and you can enroll devices. For information on connecting devices, see Connecting Devices to the Avalanche Server.