MED-V v1: How to Configure MED-V Client-Side SSL


For MED-V v1, client-side TLS/SSL security is an optional configuration that can be set to ensure only legitimate clients connect to the server. This takes security one step further than traditional server-based TLS/SSL.

To configure client-side SSL on the server:

1.) Verify SSL is enabled on the server (refer to Configuring Server Settings (on page 15)).

2.) Verify that the CA that issued the client certificate is in the Trusted Root Certificate Authorities of the Local Computer certificate store of the server.

3.) In the ServerSettings.xml file (located in the server installation\Servers directory), configure the following:

Set <RequireClientCertificate> to true.

4.) If you would like to verify the certificate thumbprint on the client:

In the <ClientCertificateThumbprint> tag, add the thumbprint so that the server will only accept client certificates with the specified thumbprint and a valid certificate chain. If the line is missing or blank, the server will accept all client certificates whose chain is valid.

Note: Verifying the certificate thumbprint on the client is only relevant if the administrator distributes one certificate to all clients.

5.) Restart the MED-V Servers service.

To configure client-side SSL on the client:

1.) Create a client certificate from the trusted CA and install it in the client’s Local Computer certificate store (refer to Configuring a Certificate for details).

2.) Verify that the CA that issued the client certificate is in the Trusted Root Certificate Authorities of the Local Computer certificate store of the client.

3.) In the ProfileInfo.xml file (located in the MED-V Client Installation\Management\Profile directory), copy and paste the thumbprint into the <ClientCertificateThumbprint> tag.

Note: Once the server side XML has been configured with the certificate attribute, this attribute is automatically added to the client side XML when creating a MED-V package.

Note: It is recommended to provide access permissions to the client certificate for Everyone.

On XP – use the WinHttpCertCfg.exe tool, which can be downloaded from the Microsoft website: http://msdn2.microsoft.com/en-us/library/aa384088.aspx

On Vista or Windows 7 – use the MMC utility.
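
The server and client steps above can be checked together before restarting the service. The following Python sketch is an added example, not part of the original post or of MED-V: only the two tag names come from the page, while the enclosing XML elements, the thumbprint value and the function names are constructed for illustration. It assumes both files carry the thumbprint of the same shared certificate.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples. Only the two tag names come from the page; the root
# elements and the thumbprint value are made up for this example.
SERVER_XML = ("<ServerSettings><RequireClientCertificate>true</RequireClientCertificate>"
              "<ClientCertificateThumbprint>\u200e00 11 22 33 44 55 66 77 88 99 aa bb cc dd "
              "ee ff 00 11 22 33</ClientCertificateThumbprint></ServerSettings>")
CLIENT_XML = ("<ProfileInfo><ClientCertificateThumbprint>"
              "00112233445566778899AABBCCDDEEFF00112233"
              "</ClientCertificateThumbprint></ProfileInfo>")

def find_text(xml_text, tag):
    """Text of the first element named `tag` (namespace ignored), or None."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == tag:
            return el.text or ""
    return None

def normalize(raw):
    """Drop whitespace, colons and the invisible marks a dialog copy can add."""
    return re.sub(r"[\s:\u200e\u200f]", "", raw or "").upper()

def audit(server_xml, client_xml):
    """Return a list of findings for the server/client settings pair."""
    findings = []
    require = (find_text(server_xml, "RequireClientCertificate") or "").strip().lower()
    if require != "true":
        findings.append("server: RequireClientCertificate is not true")
    raw = {"server": find_text(server_xml, "ClientCertificateThumbprint"),
           "client": find_text(client_xml, "ClientCertificateThumbprint")}
    norm = {side: normalize(value) for side, value in raw.items()}
    if not norm["server"]:
        findings.append("server: no thumbprint set, any client certificate "
                        "with a valid chain is accepted")
    for side in ("server", "client"):
        if norm[side] and not re.fullmatch(r"[0-9A-F]{40}", norm[side]):
            findings.append(f"{side}: thumbprint is not 40 hex digits")
        elif norm[side] and raw[side].strip().upper() != norm[side]:
            # The page does not say whether MED-V tolerates this, so flag it.
            findings.append(f"{side}: thumbprint has spaces or hidden characters")
    if norm["server"] and norm["server"] != norm["client"]:
        findings.append("thumbprint differs between server and client files")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, CLIENT_XML)))
```

An empty result means the pair is consistent; the constructed server sample is flagged because its thumbprint was stored with spaces and a leading invisible character.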
