Important: The MC is shipped with a default Teradici self-signed certificate. It is strongly recommended that you generate your own certificates signed by a recognized certificate authority (CA), and then update both your MC and your endpoints with the certificates before configuring a discovery method or adding endpoints to your MC.
The MC's SECURITY page displays information about the current certificate that the MC is using. It lets you upload your own MC certificates to the MC. If you wish to revert to the default self-signed certificate, you can also do this from the SECURITY page. You can access this page by clicking SETTINGS from the MC's top menu, then clicking the SECURITY menu in the left pane.
Note: Click the ? beside each field for help with any of the settings.
Figure 6-3: SECURITY Page
The MC requires the following certificates:
Note: All MC certificates must be issued in PEM format.
This section explains how to upload your own certificates to the MC and to endpoints that require an MC certificate before discovery. If you wish to avoid browser certificate warnings when you access the MC's web interface, you can also install the MC certificate in your browser.
Important: If you are installing your own MC certificates before you have added endpoints to the MC, please follow the instructions in the order shown below. If you need to update your MC certificates for any reason after the MC has already discovered your endpoints, the order of this procedure is slightly different. See Updating MC Certificates after Endpoint Discovery for details.
Note: Uploading a certificate disables all MC users and causes the MC application to restart. Users will not be able to access the MC for one to two minutes.
If your DHCP or DNS server is configured to provision endpoints with the MC's public key certificate fingerprint, this information must be updated next. You can update your server with your MC certificate fingerprint as follows:
If your endpoints are configured with a discovery method and security level that require them to have an MC certificate in their trusted certificate store before they can connect to the MC, you can either upload the MC certificate for a group of endpoints using a 1.10.x MC profile, or you can upload the MC certificate locally using each endpoint's AWI. Depending on your security requirements, you can upload either an MC issuer certificate (i.e., the root CA certificate (or intermediate certificate) that was used to issue an MC server certificate) or you can upload the MC server's public key certificate.
If you wish to avoid browser certificate warnings when you access the MC's web interface, you can install an MC certificate in your browser. You can use either an MC issuer certificate or the MC server's public key certificate.
Note: In Firefox you can also disable the certificate warnings by adding an exemption for the MC. To do this, click I Understand the Risks on the This Connection is Untrusted warning page and follow the directions.
Note: Reverting the MC to its self-signed certificate disables all MC users and causes the MC application to restart. Users will not be able to access the MC for one to two minutes.