Product Documentation

Configuring Certificates

Oct 08, 2015

In App Controller, certificates are used to create secure connections and authenticate users.

To establish a secure connection, a server certificate is required at one end of the connection. A root certificate of the Certificate Authority (CA) that issued the server certificate is required at the other end.

  • Server certificate. A server certificate certifies the identity of a server. App Controller requires this type of digital certificate.
  • Root certificate. A root certificate identifies the CA that signed the server certificate. The root certificate belongs to the CA. The user device requires this type of digital certificate to verify the server certificate.

You can configure certificate chains, which contain intermediate certificates, between the server certificate and the root certificate. Both root certificates and intermediate certificates are referred to as trusted certificates.

When establishing a secure connection with a web browser on a user device, App Controller sends its certificate to the user device.

When receiving a server certificate, the web browser (for example, Internet Explorer) on the user device checks to see which CA issued the certificate and if the CA is trusted by the user device. If the CA is not trusted or if it is a test certificate, the web browser prompts the user to accept or decline the certificate (effectively accepting or declining the ability to access the site).

Note: You can only install Privacy Enhanced Mail (PEM) and Personal Information Exchange (.pfx) certificate files on App Controller.

App Controller requires root and server certificates to communicate in the following ways:

  • Between App Controller and the App Controller management console
  • Between applications and App Controller
  • Between App Controller and StoreFront

You might need to install several certificates on App Controller to facilitate secure communication. Each certificate serves a specific communication purpose.

App Controller requires the following three certificates:
  • Secure SSL server certificate that is used for secure connections to the management console and for communicating with StoreFront
  • Secure SSL server certificate for communicating between App Controller and applications that require an SSL certificate for user account management
  • Secure SSL certificate for communication between App Controller and SAML applications that require an SSL certificate

If you configure a SAML application in App Controller, such as Google Apps, you might need to upload a SAML certificate to App Controller. For more information about SAML certificates, see the application documentation.