VelocityCE: Use SSL

Version 1

    Verified Product Versions

    VelocityCE 1.0

    This document discusses how to configure the VelocityCE server and client to use SSL..


    Before you begin you will need to install the SSL package on the VelocityCE server and on the target device..


    Downloads - Emulation SSL


    The VelocityCE client can use 1 of the following types of certs created in the x.509 family.


    1. *.cer

    2. *.crt

    3. *.der

    4. *.pem


    To create the ceritificates you have a few option available..

         1. have a third party create the certificates for you such as GoDaddy

         2. Use OpenSSL

         3. Use the VelocityCE certificate manager


    To use OpenSSL following the below instructions:


    Below are the commands to create the certificates.

    1. openssl genrsa -out key.pem 2048
    2. openssl req -new -key key.pem -out csr.pem
    3. openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem

    ** when it asks for the FQDN, use the FQDN of the VelocityCE server..

    From here you can use the certificate.pem and import that into the VelocityCE client. Next you will want to take the certificate.pem and key.pem and rename them to following VelocityCE Friendly name

    1. certificate.pem = servercert.pem
    2. key.pem = serverkey.pem


    Place those in the VelocityCE install directory and RESTART the service for the VelocityCE Server..

    To Use the VelocityCE Certificate Manager:

    To use SSL in the client you MUST use the SSL configuration with in the Velocity Server Tab.. NOT the host profile tab

    If you are going to verify the certificates, make sure to check that option and then use the Select verification certificates

    This bring up the cert manager.. From here you can choose import, remove or create.. If you created the cert with a third party application, use the import feature.. If you want to create the certificate here, choose create certificates.

    For this demo I am going to create my certificate.


    The only field that is required is the server address.. This is the address of VelocityCE, FQDN.. Fill out the rest if you wish. Once done click OK

    You will then go through a series of prompts asking to create and save certs for TermProxy and VelocityCE.. Say yes to create the certs.. Once you are done here go to: C:\Program Files (x86)\Wavelink\SSL\Certificates, grab your newly created certs and place them in the VelocityCE install directory.

    RESTART the VelocityCE Server service.


    All you have to do now is connect..


    ***** Be advised however that the server communications from VelocityCE Server to the host server are NOT encrypted..