Client installation on Unicon eLux devices
Import the deviceTRUST certificate chain
The deviceTRUST eLux Client is signed with a certificate that must first be trusted by both ELIAS and the eLux devices. Full details of how to import certificates into ELIAS and deploy them to eLux devices can be found by searching for ‘Organizing certificates for package validation’ within the eLux documentation. The latest deviceTRUST certificate chain can be downloaded here.
- The import of the deviceTRUST certificate chain is only necessary when the eLux environment is configured to check the signatures of packages. However, it is good practice to ensure that the packages match the certificates.
Within ELIAS:
- Import
devicetrust-gmbh-20210321.pem
intoTrusted Issuer
. - Import
globalsign-extended-validation-codesigning-ca-sha256-g3-20240615.pem
andglobalsign-intermediate-20280128.pem
intoIntermediate CA
. - Import
globalsign-20280128.pem
intoTrusted Root CA
.
Within the Scout console:
- Deploy all of the above
pem
files into the/setup/cacerts/
folder of the eLux device.
Install the package
Within ELIAS:
- Ensure that the required ‘deviceTRUST Client’ package has been imported into the package library.
- If you’ve imported the deviceTRUST certificate chain, then check the signatures of the package.
- Assign the ‘deviceTRUST Client’ package to the image.
For ICA support, ensure the ‘deviceTRUST ICA Client, Vx.x.x-x’ option is active under the defined package ‘deviceTRUST Client, Vx.x.x-x’. For RDP support, ensure the ‘deviceTRUST RDP Client, Vx.x.x-x’ option is active under the defined package ‘deviceTRUST Client, Vx.x.x-x’.
Within the Scout console:
- Update your eLux devices.
To enable the RDP virtual channel, within your eLux Scout console navigate to Enterprise > [eLux version number] > Applications > RDP, and select properties, then ‘Free parameters’. Add variable ‘FreeRdpParams’ with value ‘/dvc:deviceTRUST’.
Next time you connect using ICA or RDP to a server with a licensed deviceTRUST Host, the properties of your eLux device will be available within your virtual session.
Deploy the ripe.stat root certificate
To ensure the deviceTRUST eLux client can successfully obtain whois information you will need to ensure that the required root certificate is deployed to all your eLux devices.
To obtain the root certificate, navigate to stat.ripe.net within your browser and save the certificate to disk as a base-64 encoded X. 509 file.
Within the Scout console select ‘Advanced device configuration\Files’ on the device container, import the certificate and deploy to your device certificate store location.