This document discusses how to configure the VelocityCE server and client to use SSL..
Before you begin you will need to install the SSL package on the VelocityCE server and on the target device..
The VelocityCE client can use 1 of the following types of certs created in the x.509 family.
To create the ceritificates you have a few option available..
1. have a third party create the certificates for you such as GoDaddy
2. Use OpenSSL
3. Use the VelocityCE certificate manager
To use OpenSSL following the below instructions:
Below are the commands to create the certificates.
- openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out csr.pem
openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem
** when it asks for the FQDN, use the FQDN of the VelocityCE server..
From here you can use the certificate.pem and import that into the VelocityCE client. Next you will want to take the certificate.pem and key.pem and rename them to following VelocityCE Friendly name
- certificate.pem = servercert.pem
- key.pem = serverkey.pem
Place those in the VelocityCE install directory and RESTART the service for the VelocityCE Server..
To Use the VelocityCE Certificate Manager:
To use SSL in the client you MUST use the SSL configuration with in the Velocity Server Tab.. NOT the host profile tab
If you are going to verify the certificates, make sure to check that option and then use the Select verification certificates
This bring up the cert manager.. From here you can choose import, remove or create.. If you created the cert with a third party application, use the import feature.. If you want to create the certificate here, choose create certificates.
For this demo I am going to create my certificate.
The only field that is required is the server address.. This is the address of VelocityCE, FQDN.. Fill out the rest if you wish. Once done click OK
You will then go through a series of prompts asking to create and save certs for TermProxy and VelocityCE.. Say yes to create the certs.. Once you are done here go to: C:\Program Files (x86)\Wavelink\SSL\Certificates, grab your newly created certs and place them in the VelocityCE install directory.
RESTART the VelocityCE Server service.
All you have to do now is connect..
***** Be advised however that the server communications from VelocityCE Server to the host server are NOT encrypted..