Let’s Encrypt certificate management

1 users found this article helpful

Description

Parallels Remote Application Server v19 allows to use SSL certificates issued by Let's Encrypt. Let’s Encrypt is a global Certificate Authority (CA). This organization is nonprofit and does not charge any fees for their certificates.

Prerequisites

• Publicly accessible domain that resolves to the HALB or Secure Gateway directly or through third-party load balancers.

• Port 80 must be opened on the HALB and Secure Gateway for incoming Let’s Encrypt requests.

Configuration

To issue a new Let’s Encrypt certificate:

1. In the Parallels RAS Console, navigate to Farm > Certificates.

2. Click the Tasks drop-down menu and select Issue Let’s Encrypt Certificate.

3. In opened configuration wizard read Let's Encrypt EULA. Confirm your consent by checking I have read and accept Let's Encrypt EULA flag.

4. In Expiration emails field list specify email addresses that will receive notifications from Let’s Encrypt.

5. Optionally, change the time when certificates are renewed automatically in the Automatically renew certificates before expiration field.

6. Click OK.

7. Click the [+] button to the left of the Tasks drop-down list and choose Issue Let's Encrypt certificate.

8. In the Issue Let's Encrypt certificate dialog, specify the following:

Name: Name of the certificate.

Description: Description of the certificate.

Usage: HALB and/or Secure Gateway.

Key size: Key size.

Country code: Code of your country.

Full state or province: Name of your state or province.

City: Your city.

Organization: Name of your organization.

Organization unit: Name of your organization unit.

E-mail: Email address of your organization.

Common name: Publicly accessible domain name which can be resolved to the HALB or Secure Gateway directly or through 3rd partly load balancers .

Alternative names: Publicly accessible domain names which can be resolved to the HALB or Secure Gateway directly or through 3rd partly load balancers.

9. Click Save.

To renew a Let’s Encrypt certificate:

1. In the RAS Console, navigate to Farm > Certificates.

2. Right-click the Let’s Encrypt certificate that you want to renew.

3. In the context menu, select Control > Renew.

To revoke a Let’s Encrypt certificate:

1. In the RAS Console, navigate to Farm > Certificates.

2. Right-click the Let’s Encrypt certificate that you want to revoke.

3. In the context menu, select Control > Revoke.

4. In the Revoke Certificate dialog, select the reason why you want to revoke the certificate.

5. Click Revoke.

Known Issues and Limitations

• Let’s Encrypt provides only Domain Validation Certificates (DV).

• Let’s Encrypt uses rate limits as described here: https://letsencrypt.org/docs/rate-limits/ .

Documentation and References

• Let’s Encrypt home page https://letsencrypt.org/

• Let’s Encrypt - How It Works https://letsencrypt.org/how-it-works/

• Let’s Encrypt port 80 best Practice https://letsencrypt.org/docs/allow-port-80/

Was this article helpful?

Tell us how we can improve it.