Deploying Trusted Root Certificates

Purpose

IGEL Linux firmware comes with a number of trusted root certificates from certain Certificate Authorities (CA) pre-installed. Lists of these root certificates can be found on IGEL's download server, in the IGEL_UNIVERSAL_DESKTOP_FIRMWARE/LX/ directory. They are named [version]_CA-certificates.txt - for example, the lists for IGEL Linux version 5.11.100 and 10.02.100.

Certificates signed with these root certificates can be used for server authentication and encryption in ICA, RDP, Horizon and browser sessions. You can also verify the origin of Java applications.

Nevertheless, the root certificate you need might be missing, in which case you have to load and distribute it yourself.

Requirements

The certificates must be available in Base64-encoded format with the file extension .pem, .crt or .cer.

To check the file format, open the certificate with a text editor. It should look like this:

Certificate Text

Starting with firmware version 5.05.100, certificates in DER-encoded binary format are also supported.

Solution

If you work with UMS version 4.4.100 or higher and LX version 4.12.100 or higher, we advise you to use the following file transfer types for distributing the certificates via the UMS:

| Certificate Type | To be used for |
| --- | --- |
| Undefined | All-purpose class; you need to set the owner and access permissions manually. |
| Web Browser Certificate | Server authentication/encryption of HTTPS websites in browsers |
| SSL Certificate | Server authentication/encryption in ICA, RDP or Horizon sessions |
| Java Certificate | Authentication/encryption for Java applications. |
| IBM iAccess Certificate | Server authentication/encryption for IBM iAccess sessions. |
| Common Certificate (all-purpose) | Multiple applications needing a certificate, e.g. if you want to launch an ICA session in a browser, or if you want to secure a Java session on a secure website. |

With these file transfer types, you will not need to reboot after installing.

Content

Deploying Certificates via UMS

Installing Certificates manually