Manual Installation¶
Introduction¶
The purpose of this document is to describe how the different server roles of OVD Enterprise can be installed on all the supported operating systems. The OVD server roles can be installed on separate servers. This is recommended with an OVD farm in production
Prerequisites¶
Please make sure that all servers meet minimal system and hardware criteria for their corresponding OVD roles as listed in requirements.
Each server you plan to install will require internet access.
Important
In this document, we are using sm.test.demo
for the OSM resource name,
oac.test.demo
for the OAC, aps.test.demo
for the OAS and web.test.demo
for the OVD Web Access.
You need to use the resource name that is configured for your own environment. The resource name can be an IP address, an FQDN or a hostname. It cannot be a URI context, a protocol or a port.
Version Code¶
Throughout this document, download links will use a version code specific to the version of OVD you are using.
You will find the version code on the Inuvika OVD supported versions page. You may also contact Inuvika to request the code.
Ubuntu LTS¶
Elevate your shell to the superuser if you are not already root:
Repository¶
You need to add the Inuvika Ubuntu repository to each server you plan to install.
Important
To run these commands, replace any instance of {VERSION_CODE}
with the version code
as described in the Version code section.
-
Update the package database:
-
Upgrade all currently installed packages:
-
Install the apt-transport-https package:
-
Create a file /etc/apt/sources.list.d/ovd.list and add the following line:
- For Ubuntu 22.04 LTS (Jammy Jellyfish):
-
Install the keyring package to validate the repository using gpg:
- For Ubuntu 22.04 LTS (Jammy Jellyfish):
-
Update the package database:
RHEL¶
Repository¶
You need to add the Inuvika RHEL repository to each server you plan to install.
Important
To run these commands, replace any instance of {VERSION_CODE}
with the version code
as described in the Version code section.
-
Edit the
/etc/yum.repos.d/ovd.repo
file to add the following content: -
Install the EPEL repository:
Info
The EPEL repository is a separate repository which provides many additional software packages not provided by the default RHEL repositories.
-
Update the package database:
OVD Session Manager (OSM)¶
Firewall Configuration¶
The OSM requires specific ports to be open in your firewall. Follow the instructions below to configure default firewalls.
-
If using UFW (default firewall for Ubuntu):
-
Open port 443/TCP for inbound traffic:
-
Open port 1111/TCP for inbound traffic:
-
-
If using firewalld (default firewall for RHEL):
Warning
The following rules will open ports to communication in both directions. Administrators should review and verify all necessary firewall rules in case you need a more restrictive implementation.
-
Open port 443/TCP:
-
Open port 1111/TCP:
-
Activate updated firewall rules:
-
Note
For more detailed firewall configuration, please refer to the Firewall and Ports.
Installing on Ubuntu LTS¶
Installing MySQL¶
The OSM needs access to a MySQL database. We advise you to setup the MySQL server on the same machine as the OSM to minimize network access time.
-
Install the
mysql-server
package -
Define the MySQL root password
-
Open a MySQL shell
Apply the following instructions within this shell
-
Create a database
-
Create a user, replacing a placeholder
[ovd_password]
with a secure password for this user -
Allow the user to operate on the database
-
Reload MySQL configuration and exit the session
-
Package Installation¶
-
Keep the default Kerberos configuration:
-
Install the following OVD package:
-
The installer will prompt for an admin login and a password, and for confirmation of the password.
The OSM is now installed but not yet ready as the configuration requires the use of the OVD Administration Console. Please follow the next section to install the Administration Console and finish the configuration of the OSM.
Installing on RHEL¶
SELinux Configuration¶
Important
This configuration only applies to SELinux enabled systems. For more information please refer to section Security-Enhanced Linux
-
Install the
policycoreutils-python
package: -
Allow Apache to listen on port 1111:
-
Allow Apache to listen on port 1112:
-
Allow http daemon to send mail:
-
Add required capabilities for php-fpm:
-
Allow password change:
-
Allow Apache to connect to AD/LDAP server:
-
Change the context for files in
/var/spool/ovd/
: -
Change the context for files in
/var/log/ovd/session-manager/
: -
Change the context of files in
/usr/lib/fontconfig/cache/
: -
Change the context of files in
/etc/ovd/session-manager/
: -
Change the context of the file
/etc/ovd/session-manager/sessionmanager.cron
: -
Create and deploy additional policy rules:
-
Create and open the file
/tmp/ovd_sm.te
: -
Insert the following content and close the file:
module ovd_sm 1.0; require { type useradd_t, httpd_sys_rw_content_t; type httpd_t, fonts_cache_t; type var_run_t; type collectd_rw_content_t; type logrotate_t; class file getattr; class file write; class dir setattr; class sock_file write; } allow useradd_t httpd_sys_rw_content_t: file write; allow httpd_t fonts_cache_t: dir setattr; allow httpd_t var_run_t:sock_file write; allow logrotate_t collectd_rw_content_t:file getattr;
-
Create a type file for the SELinux policy:
-
Package the policy:
-
Install the policy:
-
Remove temporary files:
-
Installing MySQL¶
The OSM needs access to a MySQL database. On RHEL, the mysql database package is provided by mariadb. We advise you to setup the MySQL server on the same machine as the OSM to minimize network access time.
-
Install the
mysql
package: -
Enable and start the service
-
Define the mysql root password
-
Open a MySQL shell:
Apply the following instructions within this shell:
-
Create a database
-
Create a user
Warning
Replace
[ovd_password]
with a secure password for this user -
Allow the user to operate on the database
-
Reload MySQL configuration and exit the session
-
Package Installation¶
-
Install the following OVD package:
-
Launch the configuration tool and set admin login and password
-
Enable and restart Apache service
The OSM is now installed but not ready as the configuration requires the use of the OVD Administration Console.
OVD Administration Console (OAC)¶
Firewall Configuration¶
The OAC requires specific ports to be open in your firewall. Follow the instructions below to configure default firewalls.
-
If using UFW (default firewall for Ubuntu):
-
Open port 443/TCP for inbound traffic:
Note
TCP 443
(HTTPS) will only be available if you chose to enable HTTPS access during Administration Console installation. -
Open port 80/TCP for inbound traffic:
-
-
If using firewalld (default firewall for RHEL):
Warning
The following rules will open ports to communication in both directions. Administrators should review and verify all necessary firewall rules in case you need a more restrictive implementation.
-
Open port 443/TCP:
-
Open port 80/TCP:
-
Activate updated firewall rules:
-
Note
For more detailed firewall configuration, please refer to the Firewall and Ports.
Installing on Ubuntu LTS¶
-
Install the following OVD package:
-
The installer will require the resource name of the OVD Session Manager (e.g.
sm.test.demo
) -
The installer will prompt whether to enable HTTPS access to the Administration Console if it detects that HTTPS access is not already enabled on the system. If HTTPS access is enabled, after completing the installation, both HTTP and HTTPS access to the Administration Console will be available.
Installing on RHEL¶
SELinux Configuration¶
Important
This configuration only applies to SELinux enabled systems. For more information please refer to section Security-Enhanced Linux
-
Install the
policycoreutils-python
package: -
Change the context for files in
/var/spool/ovd/
: -
Add required capabilities for php-fpm:
-
Allow Apache to connect to the network:
Package Installation¶
-
Install the following OVD packages:
-
Launch the Administration Console configuration tool
-
Specify the resource name of the OVD Session Manager (e.g.
sm.test.demo
) -
Select whether to enable HTTPS access to the Administration Console. This message is displayed only if HTTPS access is not already enabled on the system. If HTTPS access is enabled, after completing the configuration, both HTTP and HTTPS access to the Administration Console will be available.
-
Enable and restart Apache service
Configuration¶
The first step is to go to http://oac.test.demo/ovd/admin
and authenticate
yourself with the admin login and password you provided during installation.
The first time you log in, the system detects that it is not configured so you are redirected to a basic setup page which will save a default configuration.
On this page, you setup the MySQL configuration. For example, if you installed MySQL on the same host as described above, you would use the following configuration:
- Database Type:
MySQL
- Database host address:
localhost
- Database username:
ovd
- Database password:
[ovd_password]
(replace with the actual password you set) - Database name:
ovd
- Table prefix:
ovd_
After a successful configuration, Terms and Conditions - Inuvika End-User License Agreement appears. Please read carefully before accepting.
OVD Application Server (OAS)¶
Firewall Configuration¶
Microsoft Windows¶
The OAS requires specific ports to be open in your firewall.
Follow the instructions below to open ports on the Windows Firewall
using netsh
via Command Prompt (run as administrator).
For any other type of firewall, please refer to its official documentation to open the ports described below.
-
Open port 1112/TCP for inbound traffic:
-
Open port 3389/TCP for inbound traffic:
Note
For more detailed firewall configuration, please refer to the Firewall and Ports.
Linux¶
The OAS requires specific ports to be open in your firewall. Follow the instructions below to configure default firewalls.
-
If using UFW (default firewall for Ubuntu):
-
Open port 1112/TCP for inbound traffic:
-
Open port 3389/TCP for inbound traffic:
-
-
If using firewalld (default firewall for RHEL):
Warning
The following rules will open ports to communication in both directions. Administrators should review and verify all necessary firewall rules in case you need a more restrictive implementation.
-
Open port 1112/TCP:
-
Open port 3389/TCP:
-
Activate updated firewall rules:
-
Note
For more detailed firewall configuration, please refer to the Firewall and Ports section.
Installing on Microsoft Windows¶
Before installing the OAS, the Inuvika OVD Session Manager (OSM) must be installed and running. Furthermore if the RDSH role has just been installed, the server must be rebooted before installing the OAS.
Inuvika provides two Windows installers for the OAS:
- An
.exe
setup (recommended) - An
.msi
package
Installation using the .exe
setup is recommended because it ships all
dependencies whereas the .msi
package is provided for automation purposes
(auto-deployement) and requires the installation of external dependencies.
Dependencies for the MSI package
Before installing the MSI package, you will need to install the following dependencies:
- Microsoft Visual C++ Redistributable for Visual Studio 2017 - x86
- Microsoft Visual C++ Redistributable for Visual Studio 2017 - x64
Visit the Microsoft website for the latest versions.
In addition, you may want to visit the following Chocolatey references as Inuvika has validated them for automation: vcredist2017 & vcredist2008.
Download the OAS installer from this location: https://archive.inuvika.com/ovd/{VERSION_CODE}
Important
Replace {VERSION_CODE}
with the version code
as described in the Version code section.
Copy the OAS installer to the Windows Server machine you wish to install it on and run it.
The only installation data required is resource name of the OVD Session Manager. We use sm.test.demo
here as an example, but of course, you
have to specify your own domain name.
When the installation is complete, the Windows OVD service should be configured and running. To check the status, go to the Windows Services and search for Inuvika OVD Agent.
Installing on Ubuntu LTS¶
-
Keep the default davfs2 configuration:
-
Install the OAS packages:
-
The only information required is the resource name where the OSM can be accessed. We use
sm.test.demo
in this example, but of course, you have to use your own resource name.Important
If you choose to install OAS on the same machine as OSM, enter
127.0.0.1
for the resource name.
Installing on RHEL¶
SELinux Configuration¶
Important
This configuration only applies to SELinux enabled systems. For more information please refer to section Security-Enhanced Linux
-
Install
policycoreutils-python
package -
Change context for files in
/var/spool/xrdp_printer/
-
Create and deploy additional policy rules
-
Create and open a file
/tmp/ovd_aps.te
-
Insert following content and close the file
module ovd_aps 1.0; require { type smbd_t, cupsd_var_run_t; type logwatch_mail_t, logwatch_cache_t; type pulseaudio_t, httpd_sys_rw_content_t, system_dbusd_t; type initrc_var_run_t, fusefs_t, initrc_state_t; class file { append create getattr lock open read write }; class dir { add_name create read setattr write }; class sock_file read; } allow smbd_t cupsd_var_run_t:sock_file read; allow logwatch_mail_t logwatch_cache_t:dir { add_name write }; allow logwatch_mail_t logwatch_cache_t:file { append create getattr open }; allow system_dbusd_t httpd_sys_rw_content_t: file { append }; allow pulseaudio_t httpd_sys_rw_content_t: file { read write }; allow pulseaudio_t fusefs_t:dir { add_name create read write }; allow pulseaudio_t initrc_var_run_t:file { read write }; allow pulseaudio_t fusefs_t:file { create getattr lock open read write }; allow pulseaudio_t initrc_state_t:file { getattr read write };
-
Create a type file for SELinux policy
-
Package policy
-
Install policy
-
Remove temporary files
-
Package Installation¶
-
Install the cups package:
-
Configure the cups service:
-
Install the OAS packages:
-
Enable the XRDP services
-
Register host/IP address of the OVD Session Manager:
Important
If you choose to install OAS on the same machine as OSM, enter
127.0.0.1
for the resource name. -
Enable the ovd-slaveserver service
-
Reboot the server
OVD File Server (OFS)¶
Firewall Configuration¶
The OFS requires specific ports to be open in your firewall. Follow the instructions below to configure default firewalls.
-
If using UFW (default firewall for Ubuntu):
-
Open port 1112/TCP for inbound traffic:
-
Open port 1113/TCP for inbound traffic:
-
Open port 445/TCP for inbound traffic:
-
-
If using firewalld (default firewall for RHEL):
Warning
The following rules will open ports to communication in both directions. Administrators should review and verify all necessary firewall rules in case you need a more restrictive implementation.
-
Open port 1112/TCP:
-
Open port 1113/TCP:
-
Open port 445/TCP
-
Activate updated firewall rules:
-
Note
For more detailed firewall configuration, please refer to the Firewall and Ports.
Installing on Ubuntu LTS¶
-
Install the OFS package:
-
The only information required is the resource name where the OSM can be accessed. We use
sm.test.demo
here for the example, but of course, you have to set your own domain name.
Important
If you choose to install OFS on the same machine as OSM, enter 127.0.0.1
for the resource name.
Installing on RHEL¶
SELinux Configuration¶
Important
This configuration only applies to SELinux enabled systems. For more information please refer to section Security-Enhanced Linux
-
Install the
policycoreutils-python
package: -
Allow Apache to access ntfs/fusefs volumes:
-
Allow Samba to export ntfs/fusefs volumes:
-
Allow Apache to listen on port 1113:
-
Change the context for files in
var/lib/ovd/slaveserver/fileserver-data/
: -
Create and deploy additional policy rules:
-
Create and open the file
/tmp/ovd_fs.te
: -
Insert the following content and close the file:
module ovd_fs 1.1; require { type init_t; type logwatch_mail_t; type logwatch_cache_t; type samba_unconfined_net_t; type winbind_rpcd_t, fusefs_t; class capability { dac_override dac_read_search }; class dbus send_msg; class dir { add_name ioctl read write }; class file { append create getattr open read write }; } allow logwatch_mail_t logwatch_cache_t:dir { add_name write }; allow logwatch_mail_t logwatch_cache_t:file { append create getattr open }; allow winbind_rpcd_t fusefs_t:file { read write }; allow winbind_rpcd_t fusefs_t:dir { ioctl read }; allow winbind_rpcd_t self:capability { dac_override dac_read_search }; allow init_t samba_unconfined_net_t:dbus send_msg;
-
Create a type file for the SELinux policy:
-
Package the policy:
-
Install the policy:
-
Remove temporary files:
-
Package Installation¶
-
Install the
samba
package: -
Enable samba service
-
Install the OFS package:
-
Register host/IP address of the OVD Session Manager:
Important
If you choose to install OFS on the same machine as OSM, enter
127.0.0.1
for the resource name. -
Enable the ovd-slaveserver service:
-
Reboot the server:
OVD Web Access (OWA)¶
In this example, we are using web.test.demo
as the OWA resource name.
Firewall Configuration¶
The OWA requires specific ports to be open in your firewall. Follow the instructions below to configure default firewalls.
-
If using UFW (default firewall for Ubuntu):
-
Open port 80/TCP for inbound traffic:
-
Open port 443/TCP for inbound traffic:
Note
TCP 443
(HTTPS) will only be available if you chose to enable HTTPS access during OVD Web Access installation. -
Open port 1112/TCP for inbound traffic:
-
-
If using firewalld (default firewall for RHEL):
Warning
The following rules will open ports to communication in both directions. Administrators should review and verify all necessary firewall rules in case you need a more restrictive implementation.
-
Open port 80/TCP:
-
Open port 443/TCP:
-
Open port 1112/TCP:
-
Activate updated firewall rules:
-
Note
For more detailed firewall configuration, please refer to the Firewall and Ports.
Installing on Ubuntu LTS¶
-
Install the OWA package:
-
The installer will require the resource name of the OVD Session Manager (e.g.
sm.test.demo
)
To access the OWA, navigate to http://web.test.demo/ovd/
using a web browser.
Installing on RHEL¶
SELinux Configuration¶
Important
This configuration only applies to SELinux enabled systems. For more information please refer to section Security-Enhanced Linux
-
Install the
policycoreutils-python
package: -
Add required capabilities for php-fpm:
-
Allow Apache to connect to the network:
SELinux Configuration 3.3¶
-
Change the context for files in
/var/spool/ovd/
: -
Create and deploy additional policy rules:
-
Create and open the file
/tmp/ovd_webaccess.te
: -
Insert the following content and close the file:
1. Create a type file for the SELinux policy:module ovd_webaccess 1.0; require { type tomcat_t; type var_spool_t; type httpd_sys_rw_content_t; class dir { add_name getattr remove_name search write }; class file { create getattr open read unlink write }; } #============= tomcat_t ============== allow tomcat_t var_spool_t:dir { add_name getattr remove_name search write }; allow tomcat_t var_spool_t:file { create getattr open read write unlink }; allow tomcat_t httpd_sys_rw_content_t:dir { add_name getattr remove_name search write }; allow tomcat_t httpd_sys_rw_content_t:file { create getattr open read write unlink };
-
Package the policy:
-
Install the policy:
-
Remove temporary files:
-
Package Installation¶
-
Install the OWA package:
-
Register host/IP address of the OVD Session Manager:
Important
If you choose to install OFS on the same machine as OSM, enter
127.0.0.1
for the resource name. -
Configure the ovd-slaveserver service:
-
Start the ovd-slaveserver service:
Package configuration¶
-
Enable and start the Guacamole Bridge service
-
Enable guacamole service
-
Enable and restart Apache service
OVD Enterprise Secure Gateway¶
Firewall Configuration¶
The ESG requires specific ports to be open in your firewall. Follow the instructions below to configure default firewalls.
-
If using UFW (default firewall for Ubuntu):
-
Open port 1112/TCP for inbound traffic:
-
Open port 443/TCP for inbound traffic:
-
-
If using firewalld (default firewall for RHEL):
Warning
The following rules will open ports to communication in both directions. Administrators should review and verify all necessary firewall rules in case you need a more restrictive implementation.
-
Open port 1112/TCP:
-
Open port 443/TCP:
-
Activate updated firewall rules:
-
Note
For more detailed firewall configuration, please refer to the Firewall and Ports.
Installing on Ubuntu LTS¶
- Install the ESG package using the following command. Enter the host/IP address of the OVD Session Manager (OSM) when prompted:
The installation of the ESG is now complete. The installation process automatically starts the ovd-slaveserver service and the ESG server will appear in the Unregistered Servers page in the Administration Console. If the server is not listed but the installation was successful, then there may be a firewall issue.
Installing on RHEL¶
SELinux Configuration¶
Security-Enhanced Linux (SELinux) is a Linux kernel security module that
enhances the security of your system. In RHEL distributions, SELinux
is enabled by default and runs in enforcing
mode.
To verify the status of SELinux on any node, run the following command:
The expected (and default) SELinux status is enabled
, with current mode set to
enforcing
. If current mode is set to permissive
, SELinux is running, but
mandatory access control is not enforced. In that case, you might want to set
the mode to enforcing
:
- Edit the
/etc/selinux/config
file and set theSELINUX
variable to enforcing:
Important
If SELinux is disabled
and you want to enable it, follow the official Red
Hat documentation:
Changing SELinux States and Modes.
If you prefer to keep SELinux disabled, you can skip the rest of this section.
-
Install packages that allow modification of SELinux policies and rules:
-
Create and deploy additional policy rules
-
Create and open a file
/tmp/ovd_esg.te
-
Insert the following content and close the file:
-
Create a type file for the SELinux policy:
-
Package the policy:
-
Install the policy:
-
Remove temporary files:
-
Installation¶
-
Install the ESG package using the following command:
-
Register host/IP address of the OVD Session Manager:
-
Configure the ovd-slaveserver service:
-
Start the ovd-slaveserver service:
The installation of the ESG is now complete. The ovd-slaveserver service has been started and the ESG server will appear in the Unregistered Servers page in the Administration Console. If the server is not listed but the installation was successful, then there may be a firewall issue.
TLS/SSL Server Certificate¶
The ESG requires the use of an X.509 certificate for secure communication.
A self-signed certificate is generated during the installation, but this is only designed for evaluation purposes. Self-signed certificates are not for production use.
Without a signed certificate installed, all users will receive a security warning in their browsers preventing them from accessing the service.
Warning
Before switching your OVD service to production or even deploying to a significant number of users, you must replace the self-signed certificate with a signed certificate obtained from a Certificate issuer.
Identify the service access point¶
The certificate issuer will ask for a Common Name (CN). This information is critical as failure to provide the correct name will result in an unusable certificate.
For an OVD environment the CN of the certificate is the ESG service access point, also called
the fully
qualified domain name (FQDN).
For example, if your ESG service is available at ovd.example.com
and you expect all your users
to use this name to access OVD, this is the FQDN you must provide as the certificate CN.
Warning
In digital certificates a CN can not be an IP - it must be a name (as DNS).
Alternative access points, such as DNS entries and / or IP addresses, can be configured using the Subject Alternative Name (SAN) extension.
For multiple service access points or more complex configurations, please contact your certificate issuer and/or contact Inuvika.
Install the issued certificate¶
Once your certificate issuer has received your information, you will be given the certificate attached to a private key file, as well as a number of Intermediary CA certificates used by your provider. Please download all these X.509 certificates in PEM representation.
Once you have downloaded all the X.509 files, they must be concatenated in a single PEM file in a specific order. Use a text editor to create a file named ovd-esg-issued.pem and copy the content of each file into it in this exact order:
- Private key
- Server certificate
- Intermediary CA certificate +1
- Intermediary CA certificate +x
Once this is done you may install the certificate on the ESG:
-
Copy the ovd-esg-issued.pem file to the ESG host
-
Create a copy of the self-signed PEM file as a backup:
-
Copy the file containing the new certificate to the file
-
Reload/restart the ESG service to activate the new SSL certificate
Use a web browser to go to your ESG service access point using HTTPS (in our example:
https://ovd.example.com/
) and verify that the communication is secure and the given certificate is
the one you received from your issuer.
OVD Web Access Configuration¶
For security reasons, the ESG isn't configured to allow communication to the OVD Web Access (OWA) by default. The configuration can be changed to allow access. This will allow you to then provide a single secure (SSL) connection point for all clients (EDC, EMC, OWA).
Note
The OWA itself may be configured to provide secure access to users outside the LAN. This requires the use of a third party network component, such as a Reverse Proxy and/or a Firewall (NAT redirection).
In such cases, the ESG is not mandatory to provide a WAN access, but this is only for the OWA! An ESG is required for WAN access from EDC / EMC.
To enable the OWA access in the ESG:
-
Edit the configuration file
/etc/ovd/slaveserver/slaveserver.conf
and locate the line: -
Uncomment the variable and set the value to the URL of your OWA. For example:
-
Save the file and restart the slaveserver service.
Advanced Configuration Settings¶
The ESG configuration is stored in the file
/etc/ovd/slaveserver/slaveserver.conf
. The configuration may be
adjusted by editing the file and changing the contents of the
Gateway section as described below:
address
: 0.0.0.0 (default). Defines the IP address of network interface on which the ESG should bind. By default, the ESG binds on all the network interfacesport
: 443 (default). Defines the port to use.max_process
: 10 (default). Defines the maximum number of processes to run on the ESG server.max_connection
: 100 (default). Defines the maximum number of connections that can be opened on the ESG server.process_timeout
: 60 (default). Defines the timeout in seconds per process-
connection_timeout
: 10 (default). Defines the timeout in seconds per connection -
admin_redirection
: true or false (default). Use this setting to allow access to the OVD Administration Console through the ESG. This parameter is deprecated with ovd 2.9. It is replaced byadmin_host
-
admin_host
: hostname, ip address or url. Use this setting to allow access to the OVD Administration Console through the ESG. It replace the parameteradmin_redirection
-
web_client
: hostname, ip address or url. Use this setting to allow access to the OVD Web access through the ESG. -
root_redirection
: Use this setting to define the root path for the Gateway. For example, enter the value/ovd
to automatically redirect a connection request forhttps://gw.demo
tohttps://gw.demo/ovd
-
http_keep_alive
: true (default) or false. Enable or disable session keep alive. -
certificate_path
: gateway.pem (default). Location to the TLS/SSL server certificate file to use for the ESG.
Important
Don't forget to restart the slaveserver service after any configuration change.
Next steps¶
To finalize your installation, please follow Initial Configuration.