Serwer terminali Winflector - alternatywa dla aplikacji Zdalny Pulpit, Citrix XenApp

Using SSL Certificates with Winflector server

1. Free certificate, valid 3 months - perfect for testing

SSL For Free

https://www.sslforfree.com/

You must generate a certificate for the desired address (DNS name). For this purpose, you have to perform the necessary operations according to the instructions on the page. Then, please download the entire set of generated files.

Winflector requires .PFX certifcate format, so you have to convert the downloaded files to the .pfx file. Exemplary instruction is available at:

https://stackoverflow.com/questions/6307886/how-to-create-pfx-file-from-certificate-and-private-key/17284371#17284371

When using openssl - https://wiki.openssl.org/index.php/Binaries, execute the command:

openssl pkcs12 -export -out your_domain.pfx -inkey your_domain_private.key -in your_domain.crt

The generated .pfx certificate must be imported to to the windows personal certificate store.

How to do that?

Clicking on the .pfx file opens the proper mmc snap-in used for the certificate importation. You can also open the mmc.exe console, add snap-in Certficates for My users account. After the snap-in loading, you move to the Console Root -> Certificates - Current User -> Personal -> Certificates, click right mouse button: All tasks -> Import. Then follow the instructions.

 

2. Purchase a certificate (for example issued by namecheap)

The following steps are required:
  • Having the .csr file generated, and the PositiveSSL certificate purchased, use it in the client's panel on the site of the issuer (namecheap), to generate our certificate. Generation requires few steps in order to validate the adress. We can choose one from three available methods (DNS, email and website)
  • After validation of the data authenticity, you will receive the certificate in the form of a .cer file. (the file can also be downloaded from the website)
  • Received .cer file is to be imported using the Digicert application. (on the same machine on which .csr was generated). Then, after selecting the certificate, click Export certificate to .pfx format which also contains private key.
  • After creating the certificate .pfx file, you can import it to Windows, to the personal certificate store of a given user (Current user). Clicking on the .pfx file opens the proper mmc snap-in used for the certificate importation. You can also open the mmc.exe console, add snap-in Certficates for My users account. After the snap-in loading, you move to the Console Root -> Certificates - Current User -> Personal -> Certificates, click right mouse button: All tasks -> Import. Then follow the instructions.

 

3. Other methods

You can probably use the .csr generator and private .key as well,  for example from the page: https://csrgenerator.com/.

Then you have to purchase the certificate, validate and download it. If it's not in the .pfx format, you have use a converter to convert your files to the required format. You can do it using online tools, openssl or other converters.

Finally, you have to import the .pfx file to the user's personal certifactes.

 

4. Problems with the certificate implementation

If you get an error during Winflector server configuration to implement SSL certificate like "SSL Certificate is invalid or not found"

 

one of the reasons is the wrong location of your SSL certificate

SSL Certificate must be installed in your personal certificate store.

 

 

If you have still problem with implementation be sure, that your certificate is in required format .PFX (files that contain the public key file -SSL certificate file and the associated private key file)

Finally, if your configuration is correct, you should get appropriate information in your browser. :-)