An SSL certificate issued by a trusted public certificate authority is required for AppsAnywhere, to secure access, and so that users do not see in-browser security warnings.

 It is the customer's responsibility to obtain and maintain up-to-date certificates.


The certificate issued must have a ‘common name’ value (cn) matching the FQDN/DNS for each service e.g.

  • AppsAnywhere

  • Analytics

  • Cloudpaging

  • Parallels RAS

Server FQDN/DNS entries can be included as a Subject Alternate Names (SANs), if required.


We recommend certificates are supplied to AppsAnywhere in .PFX (Personal Information Exchange) format as this format is password protected by default.

Any passwords associated with the .PFX file must be supplied.

If required, see Generating a certificate request (csr).

SSL offloading

By default, we will apply certificates to your servers.

SSL offloading can be used if the SSL certificates for the service will be managed via the load balancer.

All traffic sent to the backend servers from the load balancer must be over HTTPS/443.

AppsAnywhere uses Kerberos (Windows Integrated Authentication) to sign in the user automatically via the Windows Pass Through Single Sign On authentication method. If the Kerberos request is modified by the decryption of the traffic and transmission over HTTP, it will invalidate the request and prevent the user from being signed in automatically.

Load balancing should be configured and operational for a Production environment.

For assistance, see Load Balancer Configuration .

Next Steps

Once the certificates are ready, refer to Applying and Renewing SSL certificates  .