Installing the Internal Root CA Certificate in a PCoIP Client¶
Your root CA certificate must be installed in any PCoIP client that will be used to connect to the PCoIP Agent.
Installing Root CA Certificates on a Zero Client¶
Zero clients are managed via an Administrative Web Interface (AWI) and accessed using a web browser. Supported browsers are:
- Firefox 86
- Chrome 60
- Internet Explorer 11
- Microsoft Edge 25
Note: Browser must support TLS
Web browsers must support TLS 1.2 or later to connect to the zero client's Administrative Web Interface.
To upload the root CA certificate to a zero client:
- From a supported browser, enter the IP address of the zero client and log in to its Administrative Web Interface.
- Select the Upload > Certificate menu to display the Certificate Upload page.
- In the Certificate filename field, click Browse, and then navigate to the directory that contains your root CA certificate.
- Select your root CA certificate (.pem) and then click **Open*.
- Click Upload and then OK.
- Click Continue.
If the certificate uploads successfully, it will appear in the Uploaded Certificates section on this page.
Installing Root CA Certificates on a Mobile Client¶
Before you can install the root CA certificate in a PCoIP Mobile Client, you must change the file extension from .pem to .crt.
The .pem extension is used for different types of X509 v3 files that contain ASCII Armor (Base64) data prefixed with a "-----BEGIN" line. The .crt extension is used for certificates that may be encoded either in binary DER format or ASCII PEM format.
Installing Root CA Certificates in the PCoIP Software Client for macOS¶
Important: Root CA Certificate must have a .crt extension
You must change the root CA certificate's extension from .pem to .crt before installing it on a PCoIP Software Client.
In macOS, certificates are stored in the Keychain Access application.
To import your root CA certificate in the PCoIP Software Client for macOS:
- Copy your root CA certificate file (*.crt) to the Mac client desktop.
- Double-click Applications > Utilities Keychain Access.app to open Keychain Access.
- Select File > Import Items.
- Navigate to the desktop and then select your root CA certificate.
- In the Destination Keychain drop-down menu, select System, and then click Open.
- If prompted, enter your Keychain Access password and then click Modify Keychain.
- At the next screen, click Always Trust when asked whether you want your computer to trust certificates signed by this certificate.
- If prompted, enter your Keychain Access password and then click Update Settings.
After the certificate installs successfully, it appears in the System > Certificates list.
Installing Root CA Certificates in the PCoIP Software Client for Windows¶
Important: Root CA Certificate must have a .crt extension
You must change the root CA certificate's extension from .pem to .crt before installing it on a PCoIP Software Client.
Note: Windows must trust your root certification authority
When you use your own private key and certificate, you must add your internal root CA certificate to the Windows Trusted Root Certification Authorities certificate store on the client computer.
Users without a trusted root CA will receive an Unable to get local issuer certificate error and fail to connect.
Note: Active Directory group policies
For information on using Active Directory Group Policy to distribute certificates to client computers, see http://technet.microsoft.com/en-us/library/cc772491.aspx.
To import the root CA certificate for the PCoIP Software Client for Windows:
-
Copy your root CA certificate file (*.crt) to a directory reachable by your Windows client.
-
Open the Microsoft Management Console on the agent machine:
- Press + r to open the run dialog
- type mmc and press Enter.
-
Add the Certificates snap-in:
- Select File > Add/Remove Snap-in.
- Select Certificates from the Available snap-ins list and then click Add.
- Select My user account and then click Finish.
- Click OK.
-
Import the root CA certificate:
- Expand Certificates - Current User.
- Right-click on Trusted Root Certification Authorities, select All Tasks > Import from the context menu, and then click Next.
- Use the Browse button to navigate to the directory where your root CA certificate is located and select your root CA certificate.
- Click Open and then Next.
- Select the option to place all certificates in the Trusted Root Certification Authorities certificate store.
- Click Next and then Finish.
- At the security warning, click Yes.
After the certificate installs successfully, it appears in the Trusted Root Certification Authorities > Certificates list.
Installing in a PCoIP Mobile Client¶
To install your internal root CA certificate on an iOS, Android, or ChromeOS device, consult the documentation for your device. The PCoIP Mobile Client software does not implement certificate installation.
Verifying Certificate Formats¶
If you have OpenSSL installed on your system, you can use it to verify that your root CA certificate is in ASCII PEM format.
To verify that the root CA certificate is in ASCII PEM format:
- Launch openssl from the C:\OpenSSL-Win32\bin directory.
- Type the following command:
x509 -in rootCA.pem -text -noout
If your certificate contents successfully display on the screen, it is encoded correctly as a PEM file.