PCoIP Zero Client and Host Administrator Guide (Issue 5)

ManualsBrandsHP ManualsDesktopHP t310 Zero Client series

361

362

363

364

365

366

367

368

369

370

7. In the Windows 2008 server, import the client certificate into the client user account.

8. From the MC or device's AWI, import the certificates.

Note: The instructions in the following sections are based on Windows Server 2008 R2. If

you are using a newer version of Windows Server, the steps may vary slightly.

Create a Client User

1. Log in to the Windows 2008 server.

2. Click Start > Administrative Tools > Server Manager.

3. Navigate to Roles > Active Directory Users and Computers > Active Directory

Users and Computers > <domain.local> > Users.

4. Right-click Users, select New > User, and then follow the wizard.

Export the Root CA Certificate

1. Log in to the Certificate Authority (CA) server.

2. Open a Microsoft Management Console window (e.g.,enter mmc.exe in the Start

menu search field).

3. From the console window, select File > Add/Remove Snap-in.

4. Add the Certificates snap-in, selecting Computer account and then Local

computer.

5. Click Finish, and then OK to close the Add or Remove Snap-ins dialog.

6. From the console, select Certificates (Local Computer) > Trusted Root

Certification Authorities > Certificates.

7. In the right panel, right-click the certificate, and then select All Tasks > Export.

8. Follow the wizard to export the certificate:

a. Select Base-65 encoded X.509 (.CER).

b. Click Browse, specify a name and location for the certificate, and then click Save.

c. Click Finish, and then OK.

Create a Certificate Template for Client Authentication

1. From the CA server, click Start > Administrative Tools > Certification Authority.

2. Expand the tree for your CA.

3. Right-click Certificate Templates, and then click Manage.

4. Right-click the Computer template, and then click Duplicate Template.

5. Configure the template as follows:

a. From the Compatibility tab, select Windows Server 2003.

b. From the General tab, enter a name for the template (e.g., "zero client 802.1x")

and change the validity period to match the organization's security policy.

c. From the Request Handling tab, select Allow private key to be exported.

d. From the Subject Name tab, select Supply in the request.

e. From the Security tab, select the user who will be requesting the certificate, and

then give Enroll permission to this user.

f. Click OK and close the Certificate Templates Console window.

TER1206003 Issue 5 368

PCoIP® Zero Client and Host Administrator Guide