Configuring the Agent Certificate Mode
The PCoIP Agent chooses a certificate based on the parameters set in the Configure PCoIP Security Certificate Settings GPO variable.
Since PCoIP agents automatically generate and use self-signed certificates by default, you only need to configure the Configure PCoIP Security Certificate Settings GPO variable if you are deploying your own custom certificates.
You can configure PCoIP agents to handle certificates in the following ways:
- Always use self-signed certificates (default)
- Always use local custom certificates
- Attempt to use a local certificate, and revert to self-signed if not found
Note: Import the administrative template file before configuring
The Configure License Server Path GPO variable only appears in the GPO editor after you import the administrative template file.
The example in this section configures the agent to look for the certificate only in the remote workstation's Windows certificate store. The example also gives the store the friendly name of "PCoIP". These settings are mandatory when you deploy your own custom certificates.
To configure the Configure PCoIP Security Certificate Settings GPO variable with a custom certificate:
Open the Local Group Policy Editor on the agent machine:
- Press Windows + R to open the Run dialog.
- Type gpedit.msc and press Enter.
Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > PCoIP Session Variables > Not Overridable Administrator Defaults
Double-click Configure PCoIP Security Certificate Settings to open the variable's dialog.
Select Enabled to enable the setting.
In the How the PCoIP agent chooses the certificate... drop-down list, select From the Certificate Store. A search field will appear next, labelled Name of the Certificate Store to search for CA-signed certificates.
In the search field, enter the name for the certificate in the Windows certificate store. This should be the friendly name of the CA-signed certificate as it appears in the store.
In The minimum key length... drop-down list, select the desired minimum key length (in bits). If you're unsure, specify the actual key length of the certificate you're using.
Close the Local Group Policy Editor and reboot the desktop to apply your settings.
After the PCoIP agent restarts, you can verify that it is using your custom certificate by checking the agent's level 2 log files.
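The following PowerShell check is an added example, not part of the PCoIP documentation. It inspects the certificate with the friendly name "PCoIP" before you rely on the GPO setting. The `Cert:\LocalMachine\My` store path and the 2048-bit minimum are assumptions; substitute the store you imported into and the minimum key length you selected.

```powershell
# Added example: pre-flight check for the custom certificate the GPO will select.
# Assumptions (not from the PCoIP documentation): the certificate lives in the
# LocalMachine\My store, and 2048 stands in for the minimum key length you chose.
param(
    [string]$FriendlyName = 'PCoIP',                  # friendly name used on this page
    [string]$StorePath    = 'Cert:\LocalMachine\My',  # assumed store location
    [int]$MinKeyBits      = 2048                      # sample value; match your GPO setting
)

$now   = Get-Date
$certs = @(Get-ChildItem -Path $StorePath |
           Where-Object { $_.FriendlyName -eq $FriendlyName })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with friendly name '$FriendlyName' in $StorePath."
    exit 1
}
if ($certs.Count -gt 1) {
    Write-Warning "$($certs.Count) certificates share this friendly name; confirm which one you intend to use."
}

$results = foreach ($cert in $certs) {
    # GetRSAPublicKey returns $null for non-RSA keys (for example ECDSA).
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $bits = if ($rsa) { $rsa.KeySize } else { 0 }
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        KeyBits       = $bits
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        KeyLongEnough = ($bits -ge $MinKeyBits)
    }
}
$results | Format-List

# Flag anything a CA-signed server certificate should not be:
# missing private key, outside its validity window, short key, or self-signed.
$bad = @($results | Where-Object {
    -not ($_.HasPrivateKey -and $_.InValidity -and $_.KeyLongEnough) -or $_.SelfSigned
})
if ($bad.Count -gt 0) { Write-Warning "$($bad.Count) certificate(s) failed a check."; exit 1 }
Write-Output 'Certificate checks passed.'
```

Run it from an elevated PowerShell prompt on the agent machine. A KeyBits value of 0 means the certificate does not use an RSA key, which this check does not measure.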