Overview of Certificate Management
Nerdio Manager allows you to manage certificates for AVD hosts, servers, and Intune devices.
Enable Script Signing
Nerdio Manager allows you to enable signing scripts that Nerdio Manager uses to deploy applications. You can manage what certificates are used for that. Once signing is enabled, we execute UAM scripts under AllSigned policy, so make sure proper deployment policies are assigned to certificates to deliver them to the target devices.
To enable script signing at the MSP level:
At the MSP level, navigate to Settings > Integrations.
In the Unified Application Management tile, next to script signing paused, select activate.
When prompted, select OK.
Optionally, to pause script signing, select pause.
To enable script signing at the Account level:
At the Account level, navigate to Settings > Integrations.
In the Unified Application Management tile, select enable script signing.
When prompted, select Confirm.
Optionally, to pause script signing, select pause.
Add a Certificate at the MSP Level
Nerdio Manager allows you to manage certificates at the MSP level.
Note: You can upload .cer files to make the certificates available to session hosts. You can export the certificate from a Windows computer where it is installed. Be sure to use the "Base-64 encoded X.509" format.
To add a certificate at the MSP level:
At the MSP level, navigate to Applications > Certificates.
-
Select Add certificate.
-
Enter the following information:
Target: From the drop-down list, select the target.
Certificate: Select Choose File to select the certificate file.
Password: If the .PFX file is protected with a password, type the password.
-
Once you have entered the desired information, select OK.
Note: Optionally, you may delete an unassigned certificate by selecting Delete from the action menu.
Set an MSP-level Certificate as the Active Certificate
If you are deploying applications to Global Images at the MSP level, you need to select which certificate is being used to sign the scripts at the MSP level. The a 'Set as active' action designates the selected certificate as the active certificate.
To set as active an MSP-level certificate:
At the MSP level, navigate to Applications > Certificates.
Locate the certificate you wish to work with.
-
From the action menu, select Set as active.
On the confirmation pop-up, select OK.
Assign an MSP-level Certificate to Accounts
Nerdio Manager allows you to assign MSP-level certificates to accounts.
To assign an MSP-level certificate to accounts:
At the MSP level, navigate to Applications > Certificates.
Locate the certificate you wish to work with.
-
Select Assign.
-
From the drop-down list, select the account(s) to assign the certificate to. Optionally, select All to assign the certificate
Notes: Remove an account to unassign it. Those account lose access to the certificate.
Once you have selected the accounts, select OK.
Add a Certificate at the Account Level
Nerdio Manager allows you to manage certificates at the account level.
To add a certificate at the account level:
At the Account level, navigate to Applications > Certificates.
-
Select Add certificate.
-
Enter the following information:
Target: From the drop-down list, select the target.
Certificate: Select Choose File to select the certificate file.
Password: If the .PFX file is protected with a password, type the password.
-
Once you have entered the desired information, select OK.
Note: Optionally, you may delete an unassigned certificate by selecting Delete from the action menu.
Manage Certificate Policy at the Account Level
Nerdio Manager allows you to manage certificate policy at the account level. This enables you to specify where the certificate is going to be installed: AVD, Servers, and/or Intune.
To manage certificate policy at the account level:
At the Account level, navigate to Applications > Certificates.
Locate the certificate you wish to work with.
-
Select Change policy.
From the Targets drop-down list, select the target(s) where the certificate is going to be installed.
Once you have selected the targets, select OK.
Install Certificates on AVD, Servers, and Intune
Once you specify a policy at the account level, the certificates can be automatically installed on devices on that account.
Intune Devices
If you enable Intune targets, a new Account-level Configuration Profile is created that distributes the certificates targeted for Intune across managed endpoints.
Host Pools
If you enable AVD targets, you can configure a host pool to automatically install all AVD enabled certificates. See Overview of Host Pools VM Deployment for details.
Desktop Images
If you enable AVD targets, you can configure a desktop image to automatically install all AVD enabled certificates. See Overview of Desktop Images for details.
Servers
If you enable Servers targets, you can configure a server to automatically install all Server enabled certificates. See Overview of Servers for details.
Comments (0 comments)