Obtaining SSL Certificates
You need to obtain a certificate for these situations:
•To secure the connection between smart devices and the smart device server. This step is mandatory if you connect Android or iOS devices to Avalanche. For more information, see Importing a Certificate for the Smart Device Server.
•To secure the connection between Avalanche and the Central File Store. This step is mandatory if you use the Central File Store. For more information, see Importing a Certificate for the Central File Store.
•To secure the connection between the Avalanche Web Console and the Avalanche web server. This step is mandatory if you use Android Enterprise. For more information, see Accessing the Web Console Over an HTTPS Connection.
•To secure the connection between the remote control servers and devices. This step is mandatory if you use remote control. For more information, see Using Remote Control.
We strongly recommend that you purchase a certificate through a third-party certificate authority (such as DigiCert or Verisign). Utilizing a certificate authority tells clients that your server information was verified by a trusted source and is authentic.
If you install the Avalanche web server, smart device server, or remote control server on different systems, you need either a wildcard certificate or a certificate for each system where those Avalanche components are installed.
Creating a certificate request for a certificate authority
The first step of generating a certificate is to generate a certificate signing request (CSR). The CSR must be generated by the machine the certificate will be for.
These instructions explain how to generate a certificate signing request using Internet Information Services (IIS) Manager. Ivanti does not include IIS with Avalanche or install it for you. You are responsible for all associated licenses. If you choose to use a different tool, refer to the user guide for that tool for how to create a certificate request.
1.From the Windows Start menu, open Internet Information Services (IIS) Manager.
2.In the Connections pane, click the server the certificate is for.
3.In the center pane, double-click Server Certificates.
4.In the actions pane, click Create Certificate Request.
The Request Certificate window appears.
5.Enter the fully-qualified domain name of the server and the required information about your company; then click Next.
6.In the Cryptographic service provider drop-down menu, select Microsoft RSAS Channel Cryptographic Provider.
7.In the Bit length drop-down menu, select 2048.
8.Click Next.
9.Specify the location and file name for the CSR.
10.Click Finish.
11.Open the CSR file using a text editor.
12.Copy the text, including the begin and end tags.
13.Open an order form for the certificate authority you are using.
14.Paste the CSR text into the order form and complete the order.
When the certificate has been generated, the certificate authority will email you a zip file containing the certificate and any additional certificates in the path. To use the certificate with Avalanche, it must be in PKCS #12 format and include the private key.
Converting a certificate to PKCS #12
In order to use a certificate for the Avalanche Console, remote control, or the smart device server, the certificate must be in PKCS #12 format and include the private key. Even if the certificate authority gave you a .p12 file, you must import the private key into it before you can use it with Avalanche.
1.From the Windows Start menu, launch Manage computer certificates.
2.Right-click the Personal directory and select All Tasks > Import.
The Certificate Import wizard appears.
3.Click Next.
4.Browse to .crt files that you received from the certificate authority.
5.Open the .crt file that contains your domain name and click Next.
6.Click Next to accept the Certificate Store location.
7.Click Finish.
8.In the Manage computer certificates window, right-click the certificate and select All Tasks > Export.
The Certificate Export wizard appears.
9.Click Next.
10.Select Yes, export the private key and click Next.
11.Select Personal Information Exchange - PKCS #12 (.PFX).
12.Enable the Include all certificates in the certification path if possible check box.
13.Click Next.
14.Enter a password for the certificate and confirm it; then click Next.
15.Specify the location and file name for the certificate; then click Save.
16.Click Finish.
The certificate can now be used with Avalanche.
Implementing certificates
See the following sections for information about implementing your certificates:
•Importing a Certificate for the Smart Device Server