How to manage certificates using PowerShell


Information

Since RAS 17.1.1, certificates are managed centrally. Instead of adding a certificate to each gateway individually, you can use the following PowerShell cmdlets:

New-RASCertificate - Creates a certificate by importing a certificate/PFX file, generating a self-signed certificate, or generating a certificate request.

SYNTAX

New-RASCertificate [-Name] <string> [[-SiteId] <uint>] -PfxFile <string> [-Description <string>] [-Enabled <bool>] [-PfxPassword <SecureString>] [-Usage <CertificateUsage> {None | Gateway | HALB}] [<CommonParameters>]

New-RASCertificate [-Name] <string> [[-SiteId] <uint>] -CertificateFile <string> -PrivateKeyFile <string> [-Description <string>] [-Enabled <bool>] [-Usage <CertificateUsage> {None | Gateway | HALB}] [<CommonParameters>]

New-RASCertificate [-Name] <string> [[-SiteId] <uint>] -CommonName <string> -Email <string> [-City <string>] [-CountryCode <string>] [-Description <string>] [-Enabled <bool>] [-ExpireInMonths <uint>] [-FullStateOrProvince <string>] [-KeySize <CertificateKeySize> {KeySize1024 | KeySize2048 | KeySize4096 | KeySizeUnknown}] [-Organisation <string>] [-OrganisationUnit <string>] [-Usage <CertificateUsage> {None | Gateway | HALB}] [<CommonParameters>]

New-RASCertificate [-Name] <string> [[-SiteId] <uint>] -CommonName <string> -Email <string> -RequestFile <string> [-City <string>] [-CountryCode <string>] [-Description <string>] [-Enabled <bool>] [-FullStateOrProvince <string>] [-KeySize <CertificateKeySize> {KeySize1024 | KeySize2048 | KeySize4096 | KeySizeUnknown}] [-Organisation <string>] [-OrganisationUnit <string>] [-Usage <CertificateUsage> {None | Gateway | HALB}] [<CommonParameters>]

 

Once you have created a certificate, you can use the Set-GW cmdlet, which modifies the properties of a RAS Secure Client Gateway.

SYNTAX

Set-GW [-Server] <string> [[-SiteId] <uint>] [-AllowAppsInNewTab <bool>] [-AllowClipboard <bool>] [-AllowEmbed <bool>] [-AllowFileTransfer <bool>] [-AllowLaunchMethod <bool>] [-AlternateNLBHost <string>] [-AlternateNLBPort <uint>] [-AutoPreferredPA <SwitchParameter>] [-BindV4Addresses <string>] [-BindV6Addresses <string>] [-Broadcast <bool>] [-CertificateFile <string>] [-Cipher <string>] [-CipherStrength <CipherStrength> {Low | Medium | High | Custom}] [-Description <string>] [-DOSPro <bool>] [-EnableAlternateNLBHost <bool>] [-EnableAlternateNLBPort <bool>] [-EnableClientManagerPort <bool>] [-Enabled <bool>] [-EnableGWPort <bool>] [-EnableHSTS <bool>] [-EnableHTML5 <bool>] [-EnableRDP <bool>] [-EnableRDPUDP <bool>] [-EnableSSL <bool>] [-EnableWyseSupport <bool>] [-ForwardGatewayServers <string>] [-ForwardHttpServers <string>] [-GWMode <GatewayMode> {Normal | Forwarding}] [-GWPort <uint>] [-HSTSIncludeSubdomains <bool>] [-HSTSMaxAge <uint>] [-HSTSPreload <bool>] [-HTML5Port <uint>] [-IPs <string>] [-IPVersion <IPVersion> {Version4 | Version6 | BothVersions}] [-LaunchMethod <LaunchMethod> {ParallelsClientAndHTML5 | ParallelsClient | HTML5}] [-MACAllowExcept <string[]>] [-MACAllowOnly <string[]>] [-MinSSLVersion <AcceptedSSLVersions> {SSLv2 | SSLv3 | TLSv1 | TLSv1_1 | TLSv1_2}] [-NewServer <string>] [-NormalModeForwarding <bool>] [-OptimizeConnectionIPv4 <string>] [-OptimizeConnectionIPv6 <string>] [-PfxFile <string>] [-PfxPassword <SecureString>] [-PreferredPAId <uint>] [-PreferredPAObj <PA>] [-PrivateKeyFile <string>] [-RDPPort <uint>] [-SecurityMode <GWSecurityMode> {AllowAllExcept | AllowOnly}] [-SSLPort <uint>] [-UsePreWin2000LoginFormat <bool>] [-WebRequestsURL <string>] [<CommonParameters>]

Set-GW [-Id] <uint> [-AllowAppsInNewTab <bool>] [-AllowClipboard <bool>] [-AllowEmbed <bool>] [-AllowFileTransfer <bool>] [-AllowLaunchMethod <bool>] [-AlternateNLBHost <string>] [-AlternateNLBPort <uint>] [-AutoPreferredPA <SwitchParameter>] [-BindV4Addresses <string>] [-BindV6Addresses <string>] [-Broadcast <bool>] [-CertificateFile <string>] [-Cipher <string>] [-CipherStrength <CipherStrength> {Low | Medium | High | Custom}] [-Description <string>] [-DOSPro <bool>] [-EnableAlternateNLBHost <bool>] [-EnableAlternateNLBPort <bool>] [-EnableClientManagerPort <bool>] [-Enabled <bool>] [-EnableGWPort <bool>] [-EnableHSTS <bool>] [-EnableHTML5 <bool>] [-EnableRDP <bool>] [-EnableRDPUDP <bool>] [-EnableSSL <bool>] [-EnableWyseSupport <bool>] [-ForwardGatewayServers <string>] [-ForwardHttpServers <string>] [-GWMode <GatewayMode> {Normal | Forwarding}] [-GWPort <uint>] [-HSTSIncludeSubdomains <bool>] [-HSTSMaxAge <uint>] [-HSTSPreload <bool>] [-HTML5Port <uint>] [-IPs <string>] [-IPVersion <IPVersion> {Version4 | Version6 | BothVersions}] [-LaunchMethod <LaunchMethod> {ParallelsClientAndHTML5 | ParallelsClient | HTML5}] [-MACAllowExcept <string[]>] [-MACAllowOnly <string[]>] [-MinSSLVersion <AcceptedSSLVersions> {SSLv2 | SSLv3 | TLSv1 | TLSv1_1 | TLSv1_2}] [-NewServer <string>] [-NormalModeForwarding <bool>] [-OptimizeConnectionIPv4 <string>] [-OptimizeConnectionIPv6 <string>] [-PfxFile <string>] [-PfxPassword <SecureString>] [-PreferredPAId <uint>] [-PreferredPAObj <PA>] [-PrivateKeyFile <string>] [-RDPPort <uint>] [-SecurityMode <GWSecurityMode> {AllowAllExcept | AllowOnly}] [-SSLPort <uint>] [-UsePreWin2000LoginFormat <bool>] [-WebRequestsURL <string>] [<CommonParameters>]

Set-GW [-InputObject] <GW> [-AllowAppsInNewTab <bool>] [-AllowClipboard <bool>] [-AllowEmbed <bool>] [-AllowFileTransfer <bool>] [-AllowLaunchMethod <bool>] [-AlternateNLBHost <string>] [-AlternateNLBPort <uint>] [-AutoPreferredPA <SwitchParameter>] [-BindV4Addresses <string>] [-BindV6Addresses <string>] [-Broadcast <bool>] [-CertificateFile <string>] [-Cipher <string>] [-CipherStrength <CipherStrength> {Low | Medium | High | Custom}] [-Description <string>] [-DOSPro <bool>] [-EnableAlternateNLBHost <bool>] [-EnableAlternateNLBPort <bool>] [-EnableClientManagerPort <bool>] [-Enabled <bool>] [-EnableGWPort <bool>] [-EnableHSTS <bool>] [-EnableHTML5 <bool>] [-EnableRDP <bool>] [-EnableRDPUDP <bool>] [-EnableSSL <bool>] [-EnableWyseSupport <bool>] [-ForwardGatewayServers <string>] [-ForwardHttpServers <string>] [-GWMode <GatewayMode> {Normal | Forwarding}] [-GWPort <uint>] [-HSTSIncludeSubdomains <bool>] [-HSTSMaxAge <uint>] [-HSTSPreload <bool>] [-HTML5Port <uint>] [-IPs <string>] [-IPVersion <IPVersion> {Version4 | Version6 | BothVersions}] [-LaunchMethod <LaunchMethod> {ParallelsClientAndHTML5 | ParallelsClient | HTML5}] [-MACAllowExcept <string[]>] [-MACAllowOnly <string[]>] [-MinSSLVersion <AcceptedSSLVersions> {SSLv2 | SSLv3 | TLSv1 | TLSv1_1 | TLSv1_2}] [-NewServer <string>] [-NormalModeForwarding <bool>] [-OptimizeConnectionIPv4 <string>] [-OptimizeConnectionIPv6 <string>] [-PfxFile <string>] [-PfxPassword <SecureString>] [-PreferredPAId <uint>] [-PreferredPAObj <PA>] [-PrivateKeyFile <string>] [-RDPPort <uint>] [-SecurityMode <GWSecurityMode> {AllowAllExcept | AllowOnly}] [-SSLPort <uint>] [-UsePreWin2000LoginFormat <bool>] [-WebRequestsURL <string>] [<CommonParameters>]

 

Please refer to the Parallels RAS PowerShell Guide for more details on the cmdlets.

Example

Here is a short example showing how to generate a new self-signed certificate and configure one of the gateways to use it.

Open a PowerShell window and run these commands one by one:

Import-Module PSAdmin
# You will be prompted for credentials
New-RASSession
New-RASCertificate -Name "SelfSignedCertificate" -SiteId 1 -Description "Test SelfSigned certificate" -Usage Gateway -Enabled $true -Email "kpavlov@ras.sup.lab" -CommonName "SUP1-BS1.ras.sup.lab"

Pay attention to the ID of the newly generated certificate. In this case, it was 12.

# Set this certificate for the gateway that has ID 1
Set-GW -ID 1 -CertificateId 12
Invoke-Apply
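
The same procedure for a CA-issued PFX, as an added example that is not part of the original article. It goes beyond the self-signed case by using the -PfxFile/-PfxPassword parameter set and the -EnableSSL, -MinSSLVersion and -CipherStrength parameters from the syntax listings above, plus a pre-flight check of the PFX with standard .NET classes. The file path, certificate name, description and the 30-day and 2048-bit thresholds are assumptions.

```powershell
# Added example: import a CA-issued PFX and assign it to the gateway with ID 1.
# Hypothetical values: $pfxPath, the certificate name and the description.
Import-Module PSAdmin
New-RASSession                       # prompts for RAS administrator credentials

$pfxPath = 'C:\certs\gateway.pfx'    # hypothetical path
# Prompt for the password so it never appears in the script or command history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Pre-flight with .NET: reject a PFX that is unsuitable for a gateway.
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPassword)
if (-not $x509.HasPrivateKey) { throw "No private key in $pfxPath" }
if ($x509.NotAfter -lt (Get-Date).AddDays(30)) { throw "Certificate expires $($x509.NotAfter)" }
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($x509)
if ($rsa -and $rsa.KeySize -lt 2048) { throw "RSA key is only $($rsa.KeySize) bits" }
$x509.Dispose()

# Import into RAS; Out-Host forces the result (including the ID) to display now.
New-RASCertificate -Name 'GatewayCert' -SiteId 1 -PfxFile $pfxPath -PfxPassword $pfxPassword `
    -Usage Gateway -Enabled $true -Description 'CA-issued gateway certificate' | Out-Host

# Enter the ID printed above rather than hard-coding it.
$certId = [uint32](Read-Host -Prompt 'ID of the new certificate shown above')
Set-GW -Id 1 -CertificateId $certId

# Raise the TLS floor on the same gateway using values from the Set-GW syntax.
Set-GW -Id 1 -EnableSSL $true -MinSSLVersion TLSv1_2 -CipherStrength High
Invoke-Apply
```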
