Overview

AppsAnywhere requires an SSL certificate issued by a trusted public certificate authority, both to secure access and so that users do not see in-browser security warnings.

The SSL certificates required for Cloudpaging and Parallels RAS are used to provide secure communication between AppsAnywhere and the other services. These certificates can be issued by a trusted internal certificate authority if preferred.

It is the customer's responsibility to obtain and maintain up-to-date certificates.

Requirements

The certificate issued must have a ‘common name’ (CN) value matching the FQDN/DNS name of each service, e.g.:

  • AppsAnywhere
    appsanywhere.uni.edu

  • Analytics
    analytics.uni.edu

  • Cloudpaging
    cloudpaging.uni.edu

  • Parallels RAS
    parallels.uni.edu

Server FQDN/DNS entries can be included as Subject Alternative Names (SANs), if required.

Format

We recommend certificates are supplied to AppsAnywhere in .PFX (Personal Information Exchange) format as this format is password protected by default.

Any passwords associated with the .PFX file must be supplied.

If required, see Generating a certificate request (csr).
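
A pre-flight check covering the Requirements and Format sections above, as an added example that is not AppsAnywhere's own tooling: it opens a .PFX with OpenSSL, confirms the service FQDN matches under client name-matching rules, and flags certificates close to expiry. It assumes OpenSSL 1.1.1 or later; `check_pfx`, `make_sample_pfx`, the `PFX_PASS` variable, the 30-day default and the server name `aa-web01.uni.edu` are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for a .PFX before it is supplied (added example).
# The password is read from the PFX_PASS environment variable, so it never
# appears in a command's argument list. Names and return codes are this example's own.

# check_pfx FILE FQDN [MIN_DAYS]
# returns 0 ok, 1 name mismatch, 2 expires within MIN_DAYS, 3 unreadable
check_pfx() {
    pfx=$1 fqdn=$2 min_days=${3:-30}
    # Leaf certificate only: no private key, no CA chain.
    leaf=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
           openssl x509 2>/dev/null) || return 3
    # -checkhost follows client rules: once a certificate carries DNS SANs the
    # common name is ignored, so the service FQDN must itself be in the SAN list.
    printf '%s\n' "$leaf" | openssl x509 -noout -checkhost "$fqdn" |
        grep -q 'does match' || return 1
    # -checkend exits non-zero if the certificate expires within N seconds.
    printf '%s\n' "$leaf" | openssl x509 -noout -checkend $((min_days * 86400)) \
        >/dev/null || return 2
    return 0
}

# make_sample_pfx OUT CN SAN_LIST DAYS
# Builds a constructed, self-signed PFX used only as test input.
make_sample_pfx() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/k.pem" -out "$d/c.pem" \
        -days "$4" -subj "/CN=$2" -addext "subjectAltName=$3" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" -out "$1" \
        -passout env:PFX_PASS 2>/dev/null
    rc=$?
    rm -rf "$d"
    return $rc
}

# Demo: CN is the service name, but the only SAN is a made-up server name.
export PFX_PASS='constructed-demo-password'
tmp=$(mktemp -d)
make_sample_pfx "$tmp/svc.pfx" appsanywhere.uni.edu 'DNS:aa-web01.uni.edu' 365
check_pfx "$tmp/svc.pfx" appsanywhere.uni.edu && echo "accepted" ||
    echo "rejected with code $? (service FQDN missing from SANs)"
rm -rf "$tmp"
```

The demo certificate is rejected even though its common name is correct, because the SAN list lists only the server name; adding the service FQDN to the SANs makes the check pass.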

SSL offloading

By default, we will apply certificates to your servers.

SSL offloading can be used if the SSL certificates for the service will be managed via the load balancer.

All traffic sent to the backend servers from the load balancer must be over HTTPS/443.

AppsAnywhere uses Kerberos (Windows Integrated Authentication) to sign in the user automatically via the Windows Pass Through Single Sign On authentication method. If the Kerberos request is modified by the decryption of the traffic and transmission over HTTP, it will invalidate the request and prevent the user from being signed in automatically.

Load balancing should be configured and operational for a Production environment.

For assistance, see Load Balancer Configuration.

Next Steps

Once the certificates are ready, refer to Applying and Renewing SSL certificates.