An SSL certificate is an effective way to secure a website against unauthorized interception of data. At its simplest, an SSL Certificate is used to identify the website and encrypt all data flowing to and from the Certificate holder’s Website.
Thinfinity Remote Desktop Server includes a valid SSL certificate and all communications will be encrypted by the product’s default certificate.
Would you like to use your own certificate? Need to add special configurations to the default SSL settings? Then you just need to follow this tutorial.
How to install a secure SSL certificate
for Thinfinity Remote Desktop Server
To manage your SSL certificates you must open Thinfinity Remote Desktop Server Gateway Manager, and click the little certificate icon:
You can either use our certificate or configure your own.
If you want to use our default certificate you should have the files set as the image below:
To create a self signed certificate just click on ‘Create a self-signed certificate’. This will bring up the form below:
- Country Code: The two letter country code of the International Organization for Standardization (ISO 3166)
State: Full unabbreviated name of the state or province your organization is located.
Locality: Full unabbreviated name of the city where your organization is located.
Organization: The name your company is legally registered under.
Organizational Unit: Use this field to differentiate between divisions within an organization.
Common Name :The domain name or URL you plan to use this certificate with.
E-Mail Address: Company email address.
Bits: We recommend using a 2048 length key.
IMPORTANT: Keep in mind that this certificate has not been issued by a known Certificate Authority (CA), hence, the web browsers will warn you they can not verify its authority.
Request and install a CA Certificate for your Server
To aquire a valid certificate from a Certificate Authority (such as GoDaddy, VeriSign, Thawte, GeoTrust, etc.), you will need to create a certificate request from the ‘Create a Certificate Request’ button.
The page will ask you to fill a form similar to the one above, but instead of creating a self signed certificate file it will create 2 files:
Private key: You should always keep this safe with you.
Request key: This has to be sent to the Certificate Authority (CA).
The CA will send you back the certificate file and the certificate chain file (or CA File). With these files and the private key you are ready to configure your Server certificate.
Bear in mind Thinfinity Remote Desktop Server only supports PEM format certificates. PEM certificates usually have extensions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” statements.
If your certificate has a different format you can use OpenSSL to convert this, below are some useful commands to do so:
Convert DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Convert PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
If you have any questions regarding the SSL certificate management, you can leave a comment below or send us an email at firstname.lastname@example.org.