Gratuit et facile à installer certificat HTTPS

Aperçu

Starting with version 9.20, TSplus provides an easy to use feature to generate a free and valid HTTPS certificate.

In 3 mouse clicks you will get a secured valid certificate, renewed automatically, and configured automatically into Terminal Service Plus built-in web server.

Cette fonctionnalité utilise Let’s Encrypt to provide a free and secure HTTPS certificate for your HTTPS connections.

Prérequis

Please ensure that your Terminal Service Plus server meets these requirements before using the Free Certificate Manager:

Vous devez use Terminal Service Plus built-in web server listening on port 80 for HTTP Esto es requerido por el proceso de validación de propiedad de dominio de Let’s Encrypt.
Tu El nombre de dominio del servidor debe ser accesible from the public Internet. This is required as well to validate that you are the real owner of the domain.
Vous devez run this program on the Gateway server or a Standalone server, not an Application server (except if your Application Server is accessible from the public Internet and has a public domain name).

No es posible obtener un certificado para una dirección IP, ya sea pública o privada.

No es posible obtener un certificado para un nombre de dominio interno (es decir, un dominio que solo se resuelve dentro de su red privada).

Free Certificate Manager GUI

To open Terminal Service Plus Free Certificate Manager GUI, open Terminal Service Plus AdminTool, click on the “Web - HTTPS” tab, then click on “Generate a free valid HTTPS certificate” as shown in the screenshot below:

Screenshot 1

La interfaz gráfica del Administrador de Certificados Gratuito se abrirá y te recordará los requisitos previos, como se muestra en la captura de pantalla a continuación:

Screenshot 1

Please read carefully and check that your server meets all the requirements, then click on the “Ok” button.

Step 1: Introduzca su correo electrónico

This email will not be used to spam you. Actually, it will not even be sent to TSplus or any third party, except the certificate issuer: Let’s Encrypt.

They will only contact you if needed, according to their Terms Of Service.

Step 2: Introduzca el nombre de dominio del servidor

This is the public Internet accessible Domain Name, something like gateway.your-company.com. You can also add another domain name or a subdomain name after clicking on the ”+” button.

As explained in the GUI, do not add a protocol prefix and/or a port suffix, just enter the clean domain name(s).

El certificado se generará para este nombre de dominio y solo será válido en una página web alojada en este nombre de dominio. Si sus usuarios se conectan a su Web Portal utilizando https://server1.example.com:1234 , luego debes ingresar "server1.example.com".

Step 3: Choisir un algorithme de clé

Se utilizará para crear pares de claves y realizar operaciones de firma digital.

Screenshot 4

¡Disfruta de tu certificado!

Screenshot 5

Terminal Service Plus Free Certificate Manager will now use all the data to connect with Let’s Encrypt, validate that you really own the domain name you typed, and get the matching valid certificate.

Once the program receives the certificate, it will automatically handle all the required file format conversions and softly reload the built-in web server in order to apply the new certificate to every new connection. The web server is no restarted and no connection is stopped.

Renewal de certificat

Let’s Encrypt certificates are valid for 90 days.

Terminal Service Plus renouvellera automatiquement le certificat tous les 60 jours pour des raisons de sécurité. Un contrôle est effectué à chaque redémarrage du serveur Windows, puis toutes les 24 heures.

You can manually renew your certificate by opening the Free Certificate Manager tool. It will display the domain name of the certificate and its expiration date, as shown in the screenshot below.

Screenshot 7

To manually renew your certificate, just click on the “Next” button.

El botón "Restablecer dominio" en esta ventana elimina el certificado SSL y reconfigura el servidor web a su estado original antes de usar el Administrador de certificados.

Meilleures pratiques

If no error occurs, Terminal Service Plus will renew the certificate automatically every 60 days. We recommend that you tous les 60 à 70 jours that your certificate has been automatically renewed.

También recomendamos que usted backup mindestens einmal im Monat the following folder and its sub-folders:

C:\Program Files (x86)\TSplus\UserDesktop\files.lego

This is an internal folder, containing your Let’s Encrypt account private key, as well as the key pair of your certificate.

Dépannage

En caso de un error , veuillez contacter le support et leur envoyer le fichier journal suivant :

C:\Program Files (x86)\TSplus\UserDesktop\files.lego\logs\cli.log

Este archivo de registro (y tal vez los otros archivos de registro en la misma carpeta) debería ayudar a nuestro equipo de soporte a investigar y comprender mejor el problema.

Si desea restaurar un certificado utilizado anteriormente , allez dans le dossier :

C:\Program Files (x86)\TSplus\Clients\webserver

It will contain every “cert.jks” files used. These are the “key store” files and we never delete them, we only rename them with the date and time of their disabling.

Código de error

Error 801: Free Certificate Manager was not able to register your Let’s Encrypt account. Check your Internet connection. Check that your email is not already registered at Let’s Encrypt. Try again with another email.
Error 802 & Error 803: Free Certificate Manager could not retrieve Let’s Encrypt Terms Of Service URL address. This is a non blocking error: you can still continue and accept Let’s Encrypt Terms Of Service - be sure to read them from your browser first of course.
Error 804: Free Certificate Manager was not able to validate your agreement to Let’s Encrypt Terms Of Service with Let’s Encrypt servers. Check your Internet connection. Try again.
Error 805 & Error 806: El Administrador de Certificados gratuito no pudo validar que usted posee el dominio que ingresó durante la creación del certificado (Error 805) o la renovación del certificado (Error 806). Verifique nuevamente todos los requisitos previos. Verifique su conexión a Internet. Verifique que su servidor web esté escuchando en el puerto 80. Verifique que no esté utilizando un servidor web de terceros como IIS o Apache. Verifique que su nombre de dominio sea accesible desde Internet público.

HTTPS-Zertifikat-Befehlszeile

Preparing the Certificate Configuration File

Inside the “C:\Program Files (x86)\TSplus\UserDesktop\files\cert” folder, create a file named “FreeCertificateManager.ini” if it does not already exist. Make sure your text editor and/or Windows file explorer does not add an ending “.txt” extension.

Edit the file and write or update it so it has the following format, then save it:

[ajustes]

email = [email protected]

domain = your-server-domain-name.company.com

Creating the Certificate

Como administrador del servidor, ejecute el siguiente comando:

C:\Program Files (x86)\TSplus\UserDesktop\files\cert\CertificateManager.exe /create

Para que este comando sea exitoso:

El archivo "FreeCertificateManager.ini" debe existir y utilizar el formato esperado.
Your TSplus Remote Access server must be up and running
Your TSplus Remote Access Web Portal must be available with protocol

HTTP sur le port 80 du réseau public Internet, car le fournisseur de certificat HTTPS de TSplus l'utilisera pour valider le nom de domaine du serveur.

Renouveler le certificat

Once the certificate is configured and created, TSplus Remote Access will automatically renew it every two months to make sure it never expires.

Adding a Third Party Certificate

Inside the “C:\Program Files (x86)\TSplus\UserDesktop\files\cert” folder, create a file named “certpassword.txt” containing only the certificate password. As a server administrator, run the following command:

C:\Program Files (x86)\TSplus\UserDesktop\files\cert\CertificateManager.exe /add your-certificate-path

If you are using TSplus Advanced Security you might need to temporarily disable the Geographic Protection feature for it to work. You can delete your password file after running the command.