Free and Easy-to-install SSL Certificate

Overview

Starting with version 9.20, Terminal Service Plus provides an easy to use feature to generate of a free and valid SSL certificate.

In 3 mouse clicks you will get a secured valid certificate, renewed automatically, and configured automatically into Terminal Service Plus built-in web server.

This feature uses Let's Encrypt to provide a free and secure SSL certificate for your HTTPS connections.

Prerequisites

Please ensure that your Terminal Service Plus server meet these requirements before using the Free Certificate Manager:

It is not possible to get a certificate for an IP address, be it public or private.

It is not possible to get a certificate for an internal domain name (i.e. a domain which only resolves inside your private network).

Free Certificate Manager GUI

To open Terminal Service Plus Free Certificate Manager GUI, open Terminal Service Plus AdminTool, click on "Security", then click on "Free Certificate Manager" as shown in the screenshot below:

Screenshot 1

The Free Certificate Manager GUI will open and remind you about the prerequisites, as shown in the screenshot below:

Screenshot 2

Please read carefully and check that your server meet all the requirements, then click on the "Next" button.

Step 1: Enter your Email

As shown in the screenshot below, you only need to enter a valid email address.

This email will not be used to spam you. Actually it will not even be sent to Terminal Service Plus or any third party, except the certificate issuer: Let's Encrypt.

They will only contact you if needed, according to their Terms Of Service.

Screenshot 3

Enter a valid email, then click on the "Next" button.

Step 2: Accept the Terms Of Service

As shown in the screenshot below, you will be able to open Let's Encrypt Terms Of Service by clicking on the big button.

Screenshot 4

To accept these Terms Of Service and continue, check the checkbox and click on the "Next" button.

Step 3: Enter the server's Domain Name

As shown in the screenshot below, you only need to enter your server's public domain name.

Screenshot 5

This is the public Internet accessible Domain Name, something like gateway.your-company.com

As explained in the GUI, do not add a protocol prefix and/or a port suffix, just enter the clean domain name.

The certificate will be generated for this domain name, and it will only be valid on a web page hosted at this domain name. If your users connect to your Web Portal using https://server1.example.com:1234, then you must enter "server1.example.com".

Enjoy your Certificate!

Terminal Service Plus Free Certificate Manager will now use all the data to connect with Let's Encrypt, validate that you really own the domain name you typed, and get the matching valid certificate.

Once the program receives the certificate, it will automatically handle all the required file format conversions and softly reload Terminal Service Plus built-in web server in order to apply the new certificate to every new connection. The web server is not restarted and no connection is stopped.

Certificate Renewal

Let's Encrypt certificates are valid for 90 days.

Terminal Service Plus will automatically renew the certificate every 60 days for safety. A check is done at every reboot of the Windows server, and then every 24 hours.

You can manually renew your certificate by opening the Free Certificate Manager tool. It will display the domain name of the certificate and its expiration date, as shown in the screenshot below.

Screenshot 6

To manually renew your certificate, just click on the "Next" button.

Best Practices

If no error occurs, Terminal Service Plus will renew the certificate automatically every 60 days. We recommend that you check every 60-70 days that your certificate has been automatically renewed.

We also recommend that you backup at least every month the following folder and its sub-folders:

C:\Program Files (x86)\TSplus\UserDesktop\files\.lego

This is an internal folder, containing your Let's Encrypt account private key, as well as the key pair of your certificate.

Troubleshooting

In case of an error, please contact support and email them the following log file:

C:\Program Files (x86)\TSplus\UserDesktop\files\.lego\logs\cli.log

This log file (and maybe the other log files in the same folder) should help our support team to investigate and to better understand the issue.

If you want to restore a previously used certificate, go to the folder:

C:\Program Files (x86)\TSplus\Clients\webserver

It will contain every "cert.jks" files used. These are the "key store" files and we never delete them, we only rename them with the date and time of their disabling.

Error Codes



Discover all TSplus features »