Configuring SSL Encryption on a RAS Gateway

2 users found this article helpful


The traffic between the users and the RAS Secure Client Gateway is always encrypted. The SSL/TLS tab page allows you to configure data encryption options.

By default, a self-signed certificate is installed during the RAS Secure Client Gateway installation and TLS v1.0, v1.1, or v1.2 is used.

Each RAS Secure Client Gateway has its own certificate, which should be added to Trusted Root Authorities on the client side to avoid security warnings.

If, by any means, you need to generate new certificate, please refer to the following instructions:

How to Generate a Self-Signed Certificate using Parallels Remote Application Server

SSL accepted versions and cipher strength in Parallels Remote Application Server

Parallels Remote Application Server introduced the ability to enforce and use specific versions of SSL, as well as allowing custom configuration of cipher strength. Check this article for further instructions:

SSL accepted versions and cipher strength in Parallels Remote Application Server

Third-Party Trusted Certificate Authority

Should you prefer using Third-Party Trusted Certificate Authority, generate certificate request in RAS Gateway Properties.

Using Enterprise Certificate Authority

Use IIS to receive a certificate from Enterprise CA. The certificate should be exported in the pfx format and then converted into the PEM format using the OpenSSL tool. Please refer to this article to proceed:

Convert from PFX Format to PEM Format for SSL certifcates imported from IIS

NOTE: The trusted.pem file on the Parallels Client side must include the intermediate certificate to be able to verify the cert from the third party vendor.

If the intermediate certificate for the vendor is not in the trusted.pem file, you will have to paste it in manually, or create a trusted.pem template file with the proper Intermediate Certificates and then replace the old trusted.pem file with the newly updated one.

This file resides in Program Files\Parallels or Program Files(x86)\Parallels on the client side.

Additional information

Detailed information can also be found in Paralells Remote Application Server Administrators Guilde (part "Configure SSL Encryption on a Gateway")

Was this article helpful?

Tell us how we can improve it.