Previous page

Next page

Locate page in Contents

Assigning a certificate to Gateways and HALB

After you add a certificate to a Site, you can assign it to a RAS Secure Client Gateway, HALB, or both depending on the usage type that you specified when you created the certificate (described in the beginning of this chapter). More on the certificate Usage option below.

Certificate usage

Certificate Usage is an option that you specify when you create a certificate. It specifies whether the certificate should be available for RAS Secure Client Gateways, HALB, or both. When setting this option, you can choose from the following:

  • Gateway: If selected, makes the certificate available for RAS Secure Client Gateways.
  • HALB: If selected, makes the certificate available for HALB.

You can select one of the options above or both, in which case the certificate becomes available for both, Gateways and HALB. For details on how to create a certificate and choose these options, please see Generating a self-signed certificate and Generating a certificate signing request (CSR).

When you configure SSL for a RAS Secure Client Gateway or HALB later, you need to specify an SSL certificate. For the information on how to do this, please see SSL/TLS encryption and Configuring HALB in the RAS Console. When you select a certificate, the following options will be available depending on how the Usage option is configured for a particular certificate:

  • <All matching usage>: This is the default option, which is always available. It means that any certificate on which the Usage selection matches the object type (Gateway or HALB) will be used. For example, if you are configuring a Gateway and have a certificate that has Usage set to "Gateway", it will be used. If a certificate has both, Gateway and HALB usage options selected, it can also be used with the given gateway. This works the same way for HALB when you configure the LB SSL Payload. Please note that if you select this option for a Gateway or HALB, but not a single matching certificate exists, you will see a warning and will have to create a certificate first.
  • Other items in the Certificates drop-down list are individual certificates, which will or will not be present depending on the certificate's Usage settings. For example, if you configure LB SSL Payload for HALB and have a certificate with the Usage option set to "HALB", the certificate will appear in the drop-down list. On the other hand, certificates with Usage set to "Gateway" will not be listed.

As another example, if you need just one certificate, which you would like to use for all of your Gateways, you need to create a certificate and set the Usage option to "Gateways". You can then configure each Gateway to use this specific certificate or you can keep the default <All matching usage> selection, in which case the certificate will be picked up by a Gateway automatically. Same exact scenario also works for HALB.

Gateways

To assign a certificate to a RAS Secure Client Gateway:

  1. Navigate to Farm > Site > Gateways.
  2. Right-click a gateway and choose Properties.
  3. Select the SSL/TLS tab.
  4. In the Certificates drop-down list, select the certificate that you created.
  5. Click OK.

Please note that you can also select the <All matching usage> option, which will use any certificate that either has the usage set to Gateway or both Gateway and HALB.

HALB

To assign a certificate to a HALB, navigate to Farm > Site > HALB. Assuming that your HALB is enabled and configured, and the LB SSL Payload option is selected, follow the instructions below:

  1. Click Configure next to the LB SSL Payload option.
  2. A certificate must be used when the Mode option is set to SSL Offloading. Once again, assuming it is selected, continue to the next step.
  3. Click Configure.
  4. In the SSL dialog, select the certificate in the Certificates drop-down list.

As with gateways, you can also select the <All matching usage> option, which will use any certificate that has the usage set to HALB or both HALB and Gateway.