The traffic between the users and the RAS Secure Client Gateway is always encrypted. The SSL/TLS tab page allows you to configure data encryption options.
By default, a self-signed certificate is installed during the RAS Secure Client Gateway installation and TLS v1.0, v1.1, or v1.2 is used.
Each RAS Secure Client Gateway has its own certificate, which should be added to Trusted Root Authorities on the client side to avoid security warnings.
If, by any means, you need to generate new certificate, please refer to the following instructions:
SSL accepted versions and cipher strength in Parallels Remote Application Server
Parallels Remote Application Server introduced the ability to enforce and use specific versions of SSL, as well as allowing custom configuration of cipher strength. Check this article for further instructions:
Third-Party Trusted Certificate Authority
Should you prefer using Third-Party Trusted Certificate Authority, generate certificate request in RAS Gateway Properties.
Using Enterprise Certificate Authority
Use IIS to receive a certificate from Enterprise CA. The certificate should be exported in the pfx format and then converted into the PEM format using the OpenSSL tool. Please refer to this article to proceed:
NOTE: The trusted.pem file on the Parallels Client side must include the intermediate certificate to be able to verify the cert from the third party vendor.
If the intermediate certificate for the vendor is not in the trusted.pem file, you will have to paste it in manually, or create a trusted.pem template file with the proper Intermediate Certificates and then replace the old trusted.pem file with the newly updated one.
This file resides in Program Files\Parallels or Program Files(x86)\Parallels on the client side.
Detailed information can also be found in Paralells Remote Application Server Administrators Guilde (part "Configure SSL Encryption on a Gateway")