Secure Global Desktop 4.31 Administration Guide > Security > Sharing web server and Secure Global Desktop server certificates
Read this topic to... |
---|
|
How you share an X.509 certificate between a web server and Secure Global Desktop, depends on whether or not you are using the Secure Global Desktop Web Server.
The configuration file (/opt/tarantella/webserver/apache/apache_version/conf/httpd.conf
)
for the Secure Global Desktop Web Server is pre-configured to use the same certificates
as the Secure Global Desktop server. These are installed in the
/opt/tarantella/var/tsp
directory. So to share a
Secure Global Desktop server certificate with the Secure Global Desktop Web Server:
tarantella webserver restart --ssl
command.tarantella security start
command.If you are using your own web server instead of the Secure Global Desktop Web Server and you want to share its certificate with a Secure Global Desktop server, you have to decrypt the certificate's key and then install it on the Secure Global Desktop server.
Note If your web server doesn't let you access the key or the key was not originally encrypted by a product that uses SSLeay or OpenSSL certificate libraries, you must obtain and install a separate X.509 certificate.
To share a certificate:
cp /usr/local/apache/certs/boston.indigo-insurance.com.pem /opt/tarantella/var/tsp/ cp /usr/local/apache/certs/boston.indigo-insurance.com.key.pem /opt/tarantella/var/tsp/
tarantella security decryptkey
command to decrypt the certificate's key, for example:
tarantella security decryptkey \ --enckey /opt/tarantella/var/tsp/boston.indigo-insurance.com.key.pem \ --deckey /opt/tarantella/var/tsp/boston.indigo-insurance.com.key.out \ --format PEM
tarantella security certuse
command to install the X.509 certificate using the decrypted key file, for example:
tarantella security certuse --certfile /opt/tarantella/var/tsp/boston.indigo-insurance.com.pem --keyfile /opt/tarantella/var/tsp/boston.indigo-insurance.com.key.out
tarantella security start
command.Once you enable secure connections to a web server, the URL in the client profile must be re-configured to an HTTPS URL.
Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.