Skip to content

Uploading the PCoIP Management Console Certificate to an Endpoint

If your endpoints are configured with a discovery method and security level that require them to have a PCoIP Management Console certificate in their trusted certificate store before they can connect to the PCoIP Management Console, you can either upload the PCoIP Management Console certificate to a group of endpoints using a PCoIP Management Console profile, or you can upload the PCoIP Management Console certificate locally using each endpoint’s AWI. Depending on your security requirements, you can upload either a PCoIP Management Console issuer certificate (that is, the root CA certificate (or intermediate certificate) that was used to issue a PCoIP Management Console server certificate) or you can upload the PCoIP Management Console server’s public key certificate.

For information on PCoIP Management Console certificates, see Managing PCoIP Management Console Certificates.

Uploading PCoIP Management Console Certificates to Endpoints

Note: All certificates must be in PEM format

All PCoIP Management Console certificates must be issued in PEM format.

To upload the PCoIP Management Console certificate for a group of endpoints using PCoIP Management Console:

  1. Ensure that all ungrouped endpoints are moved from the ungrouped category into a group.

    Possible modifications due to your deployment

    Depending on your site configuration, this may require modifications to your DHCP options or DNS SRV records, or it may require disabling persistent auto-configuration or placing the endpoints into a segregated network with a new PCoIP Management Console.

  2. Ensure that every group (or at least one parent group) is associated with a profile.

  3. Update all existing profiles to push the new certificate to endpoints. For each profile:

    1. From the PCoIP Management Console’s top menu click PROFILE.

    2. Click the NEW PROFILE button.

    3. Enter a name and description for the profile in their respective fields.

    4. Click the + tab beside the SETTINGS OVERVIEW tab and then select the appropriate type of profile (e.g. TERA2: CLIENT [DUAL], TERA2 HOST [QUAD]) that applies to your endpoints and click ADD.

    5. In the SOFTWARE section, ensure the correct Firmware Version is selected for your endpoints.

    6. Click SECURITY in the left navigation pane, scroll down to Certificate Store, and select Set in Profile.

    7. Click Add New, browse to your PCoIP Management Console public key certificate, highlight it and click Open. (This certificate must have a .pem extension)

    8. Click Upload.

    9. Ensure the correct usage type is selected for any specialized certificates such as 802.1x and Syslog.

      Certificate Usage type Limitation

      Only one specialized usage type can be selected in one profile. Any subsequent certificate selected for the same usage type will cause the previous certificate to change usage type to No Usage.

      802.1x and Syslog options are disabled when you upload certificates without a private key

    10. Click SAVE at the top of the page.

    11. Apply the profile immediately or create a schedule to update your group(s) with the profile.

Tip: Using the Tera2 Endpoint AWI

If a Tera2 endpoint's AWI is enabled, you can directly access it via the Management Console ENDPOINT DETAILS page and selecting the WEB INTERFACE button. This will allow you to directly manage a single Tera2 endpoint if required.

From the Management Console homepage:

  1. Select ENDPOINTS.

  2. Find your endpoint in the GROUPED or UNGROUPED tab and highlight it.


  4. Select the WEB INTERFACE button.

For more information about using the endpoint AWI after selecting the WEB INTERFACE button see Remote Workstation Card Firmware Administrators' Guide or PCoIP Zero Client Firmware Administrators’ Guide.