SSL Requirements
- We recommend using a wildcard certificate.
- You may have certificates for each subdomain specified above.
- Currently a wildcard SSL certificate is required for ITSM-server (*.company.local), and the same certificate or a specific one for tigase (xmpp.company.local).
- If you don’t have a real domain and a trusted SSL certificate, you can generate self-signed certificates yourself.
- Note: Endpoints cannot work with a self-signed certificate on tigase. In this case you will never get a green online status on ITSM-server for endpoints, and remote control will not work.
For a minimal configuration, a set of certificates and keys is required for each server (ITSM, tigase).
Setup SSL certificates for Endpoint Manager (ITSM)
Place a valid SSL certificate and key into /opt/itsm/web/certs under the names cert.crt and cert.key.
Note: The private key must not have a passphrase, as the web server cannot work with passphrase-protected keys.
# create directory
sudo mkdir -p /opt/itsm/web/certs
# copy prepared certificate and key to destination (the directory is owned by root)
sudo cp /path/to/your/certificate.crt /opt/itsm/web/certs/cert.crt
sudo cp /path/to/your/certificate.key /opt/itsm/web/certs/cert.key
If you don’t have valid certificates:
It is possible to issue a self-signed certificate key-pair. But in this case you need to allow unsecured access in the browser, and some features will be dropped.
The following command creates a self-signed certificate and key:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /opt/itsm/web/certs/cert.key \
    -out /opt/itsm/web/certs/cert.crt
Note: The certificate CN (common name) should be the same as the ITSM_DOMAIN variable value specified in .env.
Setup SSL certificates for TIGASE
Place a valid PEM certificate for the domain specified in TIGASE_DOMAIN into /opt/tigase/certs.
The filename should follow the pattern {TIGASE_DOMAIN}.pem.
Note:
- The certificate name should be exactly the TIGASE_DOMAIN value specified in the .env file. For example, the above certificate filename should be yourdomain.com.pem, without the prefix “xmpp.”
- The certificate bundle must contain the root CA certificate. To create a valid certificate, concatenate private.key + certificate.crt + chain.crt + root.crt
sudo mkdir -p /opt/tigase/certs
cat cert.key cert.crt chain.crt root.crt > your.domain.pem
sudo mv your.domain.pem /opt/tigase/certs/
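The following shell functions are an added example, not part of the vendor documentation. They check the conditions stated above before the services are started: the key has no passphrase, the certificate matches the key and covers the configured domain, and the tigase bundle starts with the key and ends with the root CA certificate. The function names are assumptions; only standard openssl, awk, grep and sed are used.

```shell
#!/bin/sh
# Added example (not vendor code): pre-deployment checks for the files this page
# describes. Function names are hypothetical; only stock openssl/awk/grep/sed are used.

# The ITSM web server needs a key without a passphrase: reject encrypted PEM keys.
key_is_unencrypted() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" && ! grep -q 'ENCRYPTED' "$1"
}

# The certificate and key belong together if they carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The certificate must be valid for the given host name (wildcards count).
cert_covers_domain() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Order of PEM blocks in a tigase bundle, e.g. "KEY CERT CERT CERT".
bundle_layout() {
    awk '/^-----BEGIN .*PRIVATE KEY-----/ { printf "%sKEY", sep; sep = " " }
         /^-----BEGIN CERTIFICATE-----/   { printf "%sCERT", sep; sep = " " }
         END { print "" }' "$1"
}

# The last certificate in the bundle must be the root CA (subject equals issuer).
bundle_ends_with_root() {
    last=$(awk '/^-----BEGIN CERTIFICATE-----/ { buf = "" }
                { buf = buf $0 "\n" } END { printf "%s", buf }' "$1")
    subj=$(printf '%s\n' "$last" | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    issu=$(printf '%s\n' "$last" | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issu" ]
}

# Usage against the paths from this page (domain values are whatever .env holds):
#   key_is_unencrypted /opt/itsm/web/certs/cert.key || echo "key has a passphrase"
#   cert_matches_key /opt/itsm/web/certs/cert.crt /opt/itsm/web/certs/cert.key
#   cert_covers_domain /opt/itsm/web/certs/cert.crt "$ITSM_DOMAIN"
#   bundle_layout "/opt/tigase/certs/$TIGASE_DOMAIN.pem"
```

Run key_is_unencrypted before cert_matches_key, since openssl may ask for the passphrase when it is given an encrypted key.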