Skip to main content
Skip table of contents

SSL Certificates

Overview

An SSL certificate issued by a trusted public certificate authority is required for AppsAnywhere, to secure access, and so that users do not see in-browser security warnings.

 It is the customer's responsibility to obtain and maintain up-to-date certificates.

Requirements

The certificate issued must have a ‘common name’ value (cn) matching the FQDN/DNS for each service e.g.

  • AppsAnywhere
    appsanywhere.uni.edu

  • Analytics
    analytics.uni.edu

  • Cloudpaging
    cloudpaging.uni.edu

  • Parallels RAS
    parallels.uni.edu

Server FQDN/DNS entries can be included as a Subject Alternate Names (SANs), if required.

Format

We recommend certificates are supplied to AppsAnywhere in .PFX (Personal Information Exchange) format as this format is password protected by default.

Any passwords associated with the .PFX file must be supplied.

If required, see Generating a certificate request (csr).

SSL offloading

SSL offloading can be used if the SSL certificates for the service will be managed via the load balancer.

All traffic sent to the backend servers from the load balancer must be over HTTPS/443.

AppsAnywhere uses Kerberos (Windows Integrated Authentication) to sign in the user automatically via the Windows Pass-Through Single Sign On authentication method. If the Kerberos request is modified by the decryption of the traffic and transmission over HTTP, it will invalidate the request and prevent the user from being signed in automatically.

Load balancing should be configured and operational for a Production environment.

For assistance, see Load Balancer Configuration .

Next Steps

Once the certificates are ready, refer to Applying and Renewing SSL certificates  .

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.