AppV 5.1 – Configuring SSL for AppV Management/Publishing and Reporting Services

This is a follow on my previous post – Installing Microsoft App-V 5.1 on Windows Server 2016 and Load Balance AppV 5.1 using Netscaler 11.x/12.x on how to secure the communication within App-V by using SSL instead of the default HTTP

NOTE: Before continuing , please ensure you have a valid certificate authority in the domain to send and authorise the certificate require. No Adjustement to the Load Balancer is required as it is configured with TCP rather than  HTTP.

Configure App-V Web Services for SSL

Step 1: Load Internet Information Services (IIS) on the AppV Server, then Select Server certificates

APPV-SSL1

Step 2: At the Action Panel, Select Create Domain certificate

APPV-SSL2

Step 3: Enter the following information, then Click Next

  • Common Name: LAB-APPV.WILKYIT.COM (the load balanced name of AppV)
  • Organization: WILKYIT.COM
  • Organizational Unit: WILKY
  • City/Locality: BELFAST
  • State/Province: UK
  • Country/Region: GB

APPV-SSL3

Step 4: At Online Certificate Authority, Click Select at Specify Online Certificate Authority

APPV-SSL4

Step 5: Select the appropriate CA, in my case the below is selected.

APPV-SSL5

Step 6: Enter a common friendly name for the certificate and click Finish

APPV-SSL6

Step 7: Confirm the certificate now appears on the Server Certificate list.APPV-SSL7

Step 8: Select Microsoft App-V Management Service under sites, Under Action/Edit Site Click Bindings

APPV-SSL8

Step 8: Select the http site, Click EditAPPV-SSL9

Step 9: Change the Port number to a unused port (in my case 50007). Click OK

APPV-SSL10

Step 10: Confirm setting are applied, Click Add

APPV-SSL11

Step 11: Select the following, then Click OK

  • Type: HTTPS
  • IP Address: All Unassigned
  • Port: 50001 (this is the orginal port configred during installation)
  • Host Name: leave Blank
  • SSL Certificate: LAB-APPV

APPV-SSL12

Step 12: Select the http site configured on Port 50007, Click RemoveAPPV-SSL13

Step 13: Click Yes to confirm binding is being removed.

APPV-SSL14

Step 14: Confirm only binding left is the type: https Port: 50001

APPV-SSL15

Step 15: Repeat the same for the Publishing Service/Reporting Service (Step 1-14)

Publishing Service

Use Unused port 50008 during re-configuration in Step 9

  • Type: HTTPS
  • IP Address: All Unassigned
  • Port: 50002 (this is the orginal port configred during installation)
  • Host Name: leave Blank
  • SSL Certificate: LAB-APPV

Reporting Service

Use Unused port 50009 during re-configuration in Step 9

  • Type: HTTPS
  • IP Address: All Unassigned
  • Port: 50003 (this is the orginal port configred during installation)
  • Host Name: leave Blank
  • SSL Certificate: LAB-APPV

Step 16: Repeat all of the above step on additional App-V Server, exporting the Certificate generated in Step 3-6 as a PFX and importing into the 2nd App-V Server

Confirm SSL communicaiton

Step 1: Access the App-V Management Service on https://lab-appv.wilkyit.com:50001

APPV-SSL16

Step 2: Confirm no certificate warning’s or issues with certificate by click the Lock icon on URL bar

APPV-SSL17

Step 3: Confirm with the Publishing/Reporting services as well.

APPV-SSL18APPV-SSL19

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s