Generating CSR for SSL Certificate.
Before generating the CSR for SSL certificate, make sure to add the IIS role on device services and console server.
Select Server on the left and double click on “server certificate” under IIS
Click on “create certificate request” .
Under common name , use the exact domain name which you have bought form a public domain provider , this will be the public DNS name of your AirWatch Device services server.
Select bit length of 2048.
Now we have the CSR ready .
Processing Certificate Signing Request with Certificate Authority
I am using comodo SSL certificate for this installation. comodo SSL are trusted by both Apple and Android devices and certified by Airwatch as well .
The good part is you can register for a 90 days free trail license for testing before making a purchase.I have also bought public DNS for the AirWatch Device Services server from GoDaddy (awemm.redingtonvault.com). You need the domain before you can apply for the SSL certificate.
Here is have used the CSR I have generated in previous step.
Enter the domain you have bought here to complete the wizard, SSL certificate will be issued against this domain.
Once you complete the process, SSL certificate along with root and intermediate certificate will be emailed to you on successful domain validation.
Configuring SSL Certificate on Application server (Device Services Server):
First we will configure the root certificate:
Open the MMC console – File – Add/Remove sanp-in
Use computer account.
Click on certificate on left hand side and select add ..
Once this done, go to certificate – trusted root certificate – right click on trusted root certificate – select all task and import
Follow the wizard and import the root certificate .
Browse to the location of root certifcate , select and open
Similarly import the intermidiate certificate by right clicking on intermidiate certificate folder .follow the the above process , once the import is done close the MMC console.
Now we will install the SSL certificate for our domain.
Once certificate request is completed, you can see your SSL certificate is visible under server certificates as highlighted above.
Next step is to perform https binding for default website.
Under sites, select “Default website” – click on binding on right hand side.
Click add, change the type to https. Mentioned the FQDN of host and select your SSL certificate.
For testing, write the FQDN of your device services server with HTTPS and you should be able to see the green secure lock. Refer to the above screenshot.
In the Next part, I will cover the application server configuration.