Dell KACE: Applying an SSL Certificate to the K1000

KACE's documentation was a little lacking here, so I thought I'd do a quick write up to describe the procedure I followed to successfully apply generate and apply an SSL Certificate.

Generate a CSR
Prior to completing this task, make sure you goto Settings>Network Settings and make sure your Web Server name is in FQDN format.  Example:  K1000.dell.com
Now onto generating the CSR.
Generate a CSR (Certificate Signing Request) by clicking Settings>Security Settings>"Open SSL Certificate Wizard" on the K1000.

You will be presented a web page that has all the typical fields to create a CSR.  When you've filled all these in you will click on the "Set CSR Options" button.  This will generate the CSR on the bottom half of the page.  You will copy the CSR as directed on the page, and apply for a SSL Certificate with a vendor.  My company uses Thawte, so we did it through their Enterprise portal.  I pasted in the CSR with the option ApacheSSL and generated the new certificate.  I'm assuming each vendor will be slightly different, but look for an option called ApacheSSL or something along those lines.

Once your certificate is signed you will need to copy and paste is from your vendor's website to a text file.  You will want it in X.509 format for the KACE to be able to apply it properly.  You can also choose to save it with the file extension x509 or cer, so you know what it is later.

Take a backup of your K1000 prior to applying the SSL certificate.  
Go to Settings>Server Maintenance Tab> Edit Mode
Click on "Run Backup".
This will take about 5 minutes.  When completed and you can reconnect to the K1000, go back to the Settings>Server Maintenance Tab>Edit Mode and download the backup files somewhere safe.
Also make sure SSH is enabled so that KACE can get into the K1000 if you mess up :).

Applying the Certificate
On the K1000 goto Settings>Security Settings>edit mode
On the bottom of the page goto "Set SSL Certificate File:" and click the "Choose File" button.  Select the file you saved the certificate text into and click OK.

You will also need the intermediate certificate for Thawte (may not be true for all vendors.  Refer to their installation instructions to obtain the correct intermediate certificate for your server.)

Under Optional SSL Settings, put checks in only these 2 boxes:
Enable port 80 access
SSL Enabled on port 443

Click the "Set Security Options" button to finalize all the changes.  Your clients will now begin communicating with the server via SSL.  You can now deploy the agents using the SSL option and turn off the Security Settings option to enable port 80 access when you are sure all your agents are connecting via this method if desired.