Using a Third-Party Trusted Certificate Authority

Generate a CSR

To obtain a certificate from a third-party CA, you need to generate a certificate signing request (CSR) as described below.

In the RAS Console, navigate to Farm / Site / Certificates. Click Tasks > Generate a certificate request. In the dialog that opens, specify the following options:

• Name: Type a name for this certificate. This field is mandatory.

• Description: An optional description.

• Usage: Specify whether the certificate should be used for RAS Secure Gateways or HALB, or both. This selection is mandatory.

• Key size: The certificate key size, in bits. Here you can select from the predefine values. The default is 2048 bit, which is the minimum required length according to current industry standards.

• Country code: Select your country.

• Expire in: The certificate expiration date.

• Full state or province: Your state or province info.

• City: City name.

• Organization: The name of your organization.

• Organization unit: Organizational unit.

• E-mail: Your email address. This field is mandatory.

• Common name: The Common Name (CN), also known as the Fully Qualified Domain Name (FQDN). This field is mandatory.

After entering the information, click Generate. Another dialog will open displaying the request. Copy and paste the request into a text editor and save the file for your records. The dialog also allows you to import a public key at this time. You can submit the request to a certificate authority now, obtain the public key, and import it without closing the dialog, or you can do it later. If you close the dialog, the certificate will appear in the RAS Console with the Status column indicating Requested.

To submit the request to a certificate authority and import a public key:

1. If the certificate request Properties dialog is closed, open it by right-clicking a certificate and choosing Properties. In the dialog, select the Request tab.

2. Copy the request and paste it into the certificate authority web page (or email it, in which case you will need to come back to this dialog later).

3. Obtain the certificate file from the certificate authority.

4. Click the Import public key button and finalize the certificate registration by specifying the key file and the certificate file.

Import the certificate

You know need to import the certificate into Parallels RAS. To do so, on the Certificates tab, click Tasks > Import certificate. In the dialog that opens, specify the following:

• Name: Type a name for the certificate.

• Description: An optional description.

• Private key file: Specify a file containing the private key. Click the [...] button to browse for the file.

• Certificate file: When you specify a private key file (above) and have a matching certificate file, it will be inserted in this field automatically. Otherwise, specify a certificate file.

• Usage: Specify whether the certificate will be used for RAS Secure Gateways or HALB, or both.

Click OK when done. The certificate will appear in the list in the RAS Console with the Status column indicating Imported.

To view the certificate info, right-click it and choose Properties. In the dialog that opens, examine the properties and then click the View certificate info button to view the certificate trust information, details, certification path and the certificate status. You can also view the certificate info by right-clicking it and choosing View certificate info.

For imported certificates, the Properties dialog has an additional tab Intermediate. If the original certificate included an intermediate certificate (in addition to the root certificate), it will be displayed here. You can paste a different intermediate certificate here if you wish.