Free SSL certificate and easy to install
As of version 9.20, Terminal Service Plus provides an easy-to-use feature to generate a free and valid SSL certificate.
In 3 mouse clicks you will get a valid and protected certificate, with automatic renewal and configuration, on the integrated TSplus web server.
This feature uses Let’s Encrypt to provide a free and secure certificate for your HTTPS connections.
Please make sure that your Terminal Service Plus meets these requirements before using the free certificate manager.
- You must use the integrated HTTP web server listening on port 80. This is required by the domain ownership validation process of Let’s Encrypt.
- Your server domain name must be accessible from the Internet. This is also required to validate that you are the real owner of the domain.
- You must run this program on the Gateway server or on a standalone server, not on an Application server (except if your Application server is accessible from the Internet and has a public domain name).
It is not possible to get a certificate for an IP address, whether public or private.
It is not possible to get a certificate for an internal domain name (for example, a domain that only resolves within your private network).
Certificate manager interface
To open the certificate manager, open the TSplus administration tool, click on “Security” and then on “Free Certificate Manager” as shown in the following screenshot:
The Certificate Manager interface will open and remind you of the prerequisites, as shown in the following screenshot:
Step 1: Enter your email
As shown in the screenshot below, you only need a valid email address.
This address will not be used to send you advertising. In fact, it will not be sent to TSplus or any third party, except to the issuer of the certificate: Let’s Encrypt. They will only contact you if necessary, according to their Terms of Service.
Enter a valid email, and click on “next”.
Step 2: Accept the Terms of Service
As shown in the screenshot below, you should be able to open the Let’s Encrypt Terms of Service by pressing the large button.
To accept these Terms of Service and continue, check the box and click on “next”.
Step 3: Enter the Domain Name of the server
As shown in the screenshot below, you only need to enter the public domain name of the server.
That is, the domain name accessible from the Internet, something like gateway.su-empresa.com.
As explained in the interface, do not add a protocol prefix or a suffix, just the bare domain name.
The certificate will be generated for that domain name, and will only be valid for a website hosted under that domain name. If your users connect to your Web Portal using https://server1.ejemplo.com:1234, then you must enter “server1.ejemplo.com”.
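The following added example (not TSplus code) reduces whatever address users type into their browser to the bare name expected in Step 3 and rejects values the requirements rule out: IP addresses and internal names. The function name `certificate_domain` and the `PRIVATE_SUFFIXES` list are assumptions of this example; the suffix list is a heuristic and does not replace testing that the name resolves from the Internet.

```python
import ipaddress
from urllib.parse import urlsplit

# Special-use suffixes that never resolve on the public Internet
# (RFC 6761, RFC 6762, RFC 8375, plus ICANN's reserved ".internal").
# Assumption of this example: a heuristic list, not an exhaustive one.
PRIVATE_SUFFIXES = ("local", "localhost", "internal", "test",
                    "invalid", "example", "home.arpa")


def certificate_domain(entered: str) -> str:
    """Return the bare domain name to type in Step 3, or raise ValueError."""
    text = entered.strip()
    # urlsplit only finds the host when a scheme or "//" is present.
    if "//" not in text:
        text = "//" + text
    # .hostname is lower-cased and excludes the port, path and brackets.
    host = (urlsplit(text).hostname or "").rstrip(".")
    if not host:
        raise ValueError("no host name found")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP address, which is what we want
    else:
        raise ValueError("IP addresses cannot get a certificate")
    if "." not in host:
        raise ValueError("single-label names are internal-only")
    if any(host == s or host.endswith("." + s) for s in PRIVATE_SUFFIXES):
        raise ValueError("special-use domain, not reachable from the Internet")
    return host


if __name__ == "__main__":
    # Constructed inputs, based on the example address used on this page.
    for value in ("https://server1.ejemplo.com:1234", "192.168.1.10",
                  "gateway.corp.local"):
        try:
            print(value, "->", certificate_domain(value))
        except ValueError as err:
            print(value, "-> rejected:", err)
```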
Enjoy your certificate!
The TSplus Certificate Manager will now use all the data to connect with Let’s Encrypt, validate that you own the domain name entered, and obtain the corresponding valid certificate.
Once the program receives the certificate, it will automatically perform all file format conversions and reload the integrated web server to apply the new certificate to each new connection. The web server is not restarted and no connection will be stopped.
Let’s Encrypt certificates are valid for 90 days.
TSplus will automatically renew the certificate every 60 days for security. A check is made at each restart of the server, and every 24 hours.
You can also manually renew your certificate by opening the free certificate management tool. The domain name of the certificate and its expiration date will be displayed, as shown below.
To manually renew your certificate, just click on “next”.
If there is no error, TSplus will renew the certificate automatically every 60 days. We recommend that you check every 60-70 days that your certificate has been renewed.
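The periodic check recommended above can be automated from any machine that reaches the Web Portal. This added example (not TSplus code) reads the served certificate and flags one that is older than the 60-day renewal interval; the function names and the two-day `GRACE` margin are assumptions of this example.

```python
import socket
import ssl
import sys
from datetime import datetime, timedelta, timezone

RENEW_AFTER = timedelta(days=60)   # TSplus renewal interval stated above
GRACE = timedelta(days=2)          # assumption: slack for the 24-hour check


def renewal_status(not_before, not_after, now):
    """Classify certificate dates against the 60-day renewal schedule."""
    if now >= not_after:
        return "EXPIRED"
    if now - not_before > RENEW_AFTER + GRACE:
        return "RENEWAL OVERDUE"   # still valid, but the renewal was missed
    return "OK"


def fetch_validity(host, port=443, timeout=10):
    """Return (not_before, not_after) of the certificate served at host:port."""
    ctx = ssl.create_default_context()   # verifies chain and host name too
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()

    def to_utc(text):
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)
    return to_utc(cert["notBefore"]), to_utc(cert["notAfter"])


def check(host, port=443, now=None):
    """Return a one-word status, or the TLS verification error text."""
    try:
        not_before, not_after = fetch_validity(host, port)
    except ssl.SSLCertVerificationError as exc:
        return f"INVALID: {exc.verify_message}"
    return renewal_status(not_before, not_after, now or datetime.now(timezone.utc))


if __name__ == "__main__":
    if len(sys.argv) > 1:            # live check: script.py <domain> [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
        print(sys.argv[1], check(sys.argv[1], port))
    else:                            # constructed dates: issued 75 days ago
        issued = datetime(2024, 1, 1, tzinfo=timezone.utc)
        print(renewal_status(issued, issued + timedelta(days=90),
                             issued + timedelta(days=75)))
```

Pass the HTTPS port as the second argument when the Web Portal does not listen on 443. An `INVALID` result means the certificate failed chain, host name or expiry verification.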
We also recommend that you make a copy, at least monthly, of the following folder and its subfolders:
C:\Program Files (x86)\TSplus\UserDesktop\files\.lego
This is an internal folder, which contains the private key of your Let’s Encrypt account, as well as the key pair of your certificate.
In case of error, please contact support and send us the following log file by email:
C:\Program Files (x86)\TSplus\UserDesktop\files\.lego\logs\cli.log
This log file (and maybe the others in the same folder) should help our support team investigate and better understand the failure.
If you want to restore a previously used certificate, go to the folder:
C:\Program Files (x86)\TSplus\Clients\webserver
This will contain every “cert.jks” file that has been used. These are the “key stores”. We will never erase them; we will only rename them with the date and time of their deactivation.
- Error 801: The Certificate Manager was not able to register its Let’s Encrypt account. Check your Internet connection. Check that your email is not already registered. Try again with another email account.
- Error 802 and Error 803: The Certificate Manager was unable to retrieve the address of the Let’s Encrypt Terms of Service. This error does not prevent you from continuing: you can still accept the Terms of Service, but be sure to read them first in your browser, of course.
- Error 804: The Certificate Manager was not able to validate its agreement with the Terms of Service on the Let’s Encrypt servers. Check your Internet connection. Try again.
- Error 805 and Error 806: The Certificate Manager was not able to validate ownership of the domain that was entered during the creation of the certificate (Error 805) or its renewal (Error 806). Check all the prerequisites again. Check your Internet connection. Check that your web server is listening on port 80. Check that you are not using a third-party web server such as IIS or Apache. Check that your domain name is accessible from the Internet.