Applies to partners that have accounts in Nerdio for Azure (NFA) or Nerdio Private Cloud (NPC)
Subject: IMPORTANT: SSL Expiration and Replacement – ACTION REQUIRED
On July 24th, 2021, the SSL wildcard certificate for *.adminportal.pro will be expiring. This SSL certificate is used by all Nerdio for Azure that have been whitelabeled (Whitelabeling Nerdio). Nerdio automation will manage the changes required to update the certificate in your Nerdio environment(s) but you are required to take action before July 24th, 2021 and before the certificate expiration date.
Why am I getting this notice?
You are a Nerdio partner and have active Nerdio for Azure or Nerdio Private Cloud accounts.
What actions do I need to take?
By July 24th, 2021 log into DC01 in each of your Nerdio for Azure deployments and execute the script provided by Nerdio (download the appropriate files). This script will automatically update the SSL certificate on VMs in the environment.
- Notes for NFA (AVD)
The *.adminportal.pro certificate is not used for individual session hosts (the AVD agent and broker service handle this automatically). However, the Nerdio certificate is applied to DC & FS (for admin RDP connectivity), and installed on DC & PRX for AD FS services, so the installation should be completed for AVD environments as well.
For a step by step guide and reference to the PowerShell execution click here.
What will happen if I do not take action?
On July 24th, 2021 the *.adminportal.pro wildcard SSL certificate used by Nerdio for Azure and Nerdio Private Cloud accounts will expire and users will not be able to connect to hosts via RDS sessions or AVD hosts where ADFS is implemented.
What needs to happen if I manually imported the *.adminportal.pro wildcard SSL certificate into my customer’s Thin Client end-user devices?
You can download the latest version of the certificate adminportal.pro.cer. Update the Thin Clients using this updated SSL certificate.
- Does this apply to all my Nerdio for Azure accounts?
- Yes – NFA accounts that use *.adminportal.pro. If you have run the previous Install_AutoCert.ps1 you can run this again to ensure *.adminportal.pro wildcard certificate is updated in the future.
- How long will it be before the new SSL certificate expires again?
- The new certificate is valid for one year. However, you will not have to go through these steps again in the future since the automation installed by the script that you will run is going to update the SSL certificate in the future before it expires.
- Is there anything I need to do on my users’ local devices?
- Check the “trust this publisher” checkbox and the message will no longer come up
- Generate new RDP files in NAP and distribute to the users before July 24th
- The RDP files generated by the Nerdio Admin Portal (NAP) are signed with the then-current SSL certificate. Therefore, after July 24th users of NAP-generated RDP files may receive an “unknown publisher” warning.
- What about PRX01 ADFS proxy server that’s in the DMZ?
- For NFA accounts, Nerdio will perform updates on the PRX01 VMs. This is only relevant if you are using Active Directory Federation Services (ADFS).
- Will I have to do this again in one year when the new certificate expires?
- No. The actions you will take prior toJuly 24th will configure all VMs to automatically update themselves when the certificate expires in 1 year.
What if I still have questions or need help?
Please don’t hesitate to contact us at firstname.lastname@example.org and we’ll answer any questions you may have.
Downloads for NFA
- adminportal.pro.cer- certificate file - Current certificate for *nerdio.net
- Install_AutoCert.ps1 - PowerShell script - Script to execute on DC01