Freek Berson, Principal Outbound Product Manager
By
Principal Outbound Product Manager
  0

Simplify and automate SSL certificate management with Parallels RAS and Lets Encrypt!

Parallels RAS provides simple, automated SSL certificate management and integrates Let’s Encrypt.

The challenges of SSL certificate management

Security is critical in any end user computing environment to protect sensitive data. SSL certificates are an effective way to provide secure access to published applications and desktops. The downside of SSL certificates is that they expire at some point. What makes this particularly challenging is that setting short expiration intervals for SSL certificates is a best practice, so managing certificate renewals can be a headache. It’s very common for organizations to forget about renewals, which leads to entire environments being unavailable. Unsurprisingly, this has a huge impact on the business. In this blog post we’ll show you how to overcome this SSL certificate challenge with automated certificate management and renewals.

This blog post and video are part of our expanding Parallels Tech Bytes series

SSL Certificates made easy with Let’s Encrypt and Parallels RAS

In addition to allowing customers to bring their own SSL certificates, Parallels RAS has direct integration with Let’s Encrypt, a global Certificate Authority (CA). With this integration you can easily and quickly request an SSL certificate, free of charge. You can also address expired SSL certificates via Let’s Encrypt. Its auto-renewal process automatically renews the SSL certificates used in Parallels RAS before they expire, avoiding costly business disruptions. This means continuous SSL security without any manual intervention or human error!

Configure Let’s Encrypt digital certificates in Parallels RAS

Let’s Encrypt SSL certificates can be used by the Parallels High Availability Load Balancer (HALB), the Secure Gateway (SG) directly, or through third-party load balancers. For HALB and SG, SSL certificates are made available automatically, eliminating the need to install them manually. No need to store the private key, work with root and intermediate certificates, or worry about certificate chains. Using Let’s Encrypt also reduces your operational costs of having to deal with certificate operations like renewals, revoked certificates, and unexpected certificate expiration.

Note that Let’s Encrypt requires port 80 to be open to the Secure Gateway, which can be limited to Let’s Encrypt certificate issuance (in the HTTP-01 challenge). Any Parallels RAS communication is via port 443.

SSL certificate lifecycle management in Parallels RAS

The video in this blog shows the Let’s Encrypt integration within Parallels RAS in action. In this video the Parallels RAS Management Portal is used, but the same action can be performed using the Parallels RAS Console.

The first step is to accept the Let’s Encrypt End User License Agreement (EULA) and provide an email address to receive notifications. Next, configure how many days prior to the SSL certificate expiration date that you want the SSL certificates to be renewed. Let’s Encrypt SSL certificates are valid for 90 days and the recommendation is to configure renewal every 60 days. You can then provide the information that is needed to issue a new SSL certificate request and specify to which Parallels RAS components the SSL certificates should apply.

Automated Certificate Management

SSL Certificate lifecycle management in Parallels RAS

After the SSL certificate is issued, log on to the web client and confirm that the website shows up as trusted and the SSL certificate is visible. The SSL certificate is now used to provide secure access to published applications and desktops and will be automatically renewed before it expires. This solution provides full SSL certificate lifecycle management.

Start your SSL certificate management strategy with Let’s Encrypt and Parallels RAS

For more detailed information on the integration between Parallels RAS and Let’s Encrypt, check out this Knowledge Base article: Let’s Encrypt certificate management (parallels.com)

For step-by-step instructions on how to create an SSL certificate signing request, work with digital certificates, and how to overcome expired certificates with certificate management based on Let’s Encrypt, refer to the Parallels RAS Administrator’s Guide.

Learn more about Parallels RAS

Give it a try! Download a Parallels RAS trial