If your network uses a security device such as Cisco Umbrella or Barracuda Web Security Gateway, or if your organization uses a custom Root CA Certificate for internal SSL certificates, you may need to install a custom Root CA certificate into both your Deskpro OPC server, and within the Horizon containers.

Once these certificates have been installed, Deskpro trusts SSL certificates signed by these Root CA certificates, which will prevent connections from being rejected due to certificate validation issues.

Updating from the Legacy method

If you have updated your OPC version from v2.23.2 or earlier, your host may use the legacy method for handling custom root CA certificates.

If so, you should see an outstanding decision asking if you would like to update to the Local Method or continue using the Legacy Method.

This guide covers the Local Method, which is the method we recommend using.

Adding a custom root CA certificate

In your OPC, select Settings and then Advanced Settings. Towards the bottom of the page is a section named Host Certificates. Click + Add Certificate to add a new certificate. Select where you would like the certificate to apply. Then drag/drop or paste the certificate into the field provided in PEM (Base64) format.

Please ensure the certificate begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----, then click Add Certificate to import the certificate.

If you select any instances to install the certificate on, the instances will restart to apply the new certificates.

Managing your installed certificates

You can view installed certificates on the host under Settings > Advanced Settings > Host Certificates or per instance under Instance > Advanced Configuration > Instance Certificates. Installed certificates are listed here and can be downloaded or deleted if required.

Using the OPC CLI

You can manage your custom root certificates using the OPC CLI using the following command base:

opc config certificate
 copy

From this base command, you have the option to add, delete, or list.

Adding a new certificate

The add option allows you to add new certificates.

Example:

opc config certificate add --path /path/to/certificate.crt --host --instance helpdesk
 copy

You must specify the path to the certificate file on your server with the --path flag.

If you want to add the certificate to the host, add the --host flag, and for each instance, add the --instance {instanceID} flag.

Listing installed certificates

The list option allows you to view installed certificates.

opc config certificate list
 copy

Deleting installed certificates

The delete option allows you to remove installed certificates.

Example:

opc config certificate delete --path /path/to/certificate.crt
 copy

You must specify the path to the certificate you wish to delete from the list command with the --path flag.

Helpful Unhelpful

next pageEssential URLs previous pageConfiguring a NAT IP

Please log in or register to submit a comment.

Page sections