The DaaS platform allows you to upload custom SSL certificates for each service provider appliance. To enable a custom certificate, you upload three certificate files in Apache format: SSL Certificate, SSL Key, and CA Certificate.
To upload the three certificate files, you navigate to the Certificates tab under configuration (this is a different Certificates tab than the one used for tenants).
- In Service Center, select configuration > general.
- Select the Click here link.
- Click the Certificates tab.
- On the Certificates tab, browse for and select the following three files:
CA Certificate: The public certificate from a certificate authority that was used to sign the service provider certificate. This file will have a .pem or .crt extension.
SSL Certificate: The service provider’s public certificate, which was signed by the CA. This file has a .crt extension, which indicates that it is a certificate file.
SSL Key: The private key used to decrypt the service provider’s SSL certificate. This is needed in order to be able to respond to certificate requests. This file has a .key file extension.
- Click Submit to upload the files.
- Select the Click here link to install the certificate on the service provider appliances.
Note the following:
To get the SSL Certificate file the service provider administrator should submit a certificate sign request to their certificate authority. Their certificate authority will provide the administrator with a certificate file (.crt) which can be provided to the DaaS service provider to be uploaded. For more information on how to get a signed certificate, contact the certificate authority.
If the IP address or URL for the Service Center does not resolve to the service provider CN in their certificate, the service provider administrator may wish to include in their certificate a Subject Alternative Name so that the desktop portal's URL accessed by web clients can be matched to the uploaded service provider certificate. For more details on how to add a Subject Alternative Name to the certificate, contact the certificate authority.