SSL Certificates
Overview
An SSL certificate issued by a trusted public certificate authority is required for AppsAnywhere, to secure access, and so that users do not see in-browser security warnings.
It is the customer's responsibility to obtain and maintain up-to-date certificates.
Requirements
The certificate issued must have a ‘common name’ value (cn) matching the FQDN/DNS for each service e.g.
AppsAnywhere
appsanywhere.uni.eduAnalytics
analytics.uni.eduCloudpaging
cloudpaging.uni.eduParallels RAS
parallels.uni.edu
Server FQDN/DNS entries can be included as a Subject Alternate Names (SANs), if required.
Format
We recommend certificates are supplied to AppsAnywhere in .PFX (Personal Information Exchange) format as this format is password protected by default and contains all the required certificate files (certificate, chain and key).
Any passwords associated with the .PFX file must be supplied.
If required, see Generating a certificate request (csr).
SSL offloading
SSL offloading can be used if the SSL certificates for the service will be managed via the load balancer.
All traffic sent to the backend servers from the load balancer must be over HTTPS/443.
AppsAnywhere uses Kerberos (Windows Integrated Authentication) to sign in the user automatically via the Windows Pass Through Single Sign On authentication method. If the Kerberos request is modified by the decryption of the traffic and transmission over HTTP, it will invalidate the request and prevent the user from being signed in automatically.
Load balancing should be configured and operational for a Production environment.
For assistance, see Load Balancer Configuration .
Next Steps
Once the certificates are ready, refer to Applying and Renewing SSL certificates .