How to Deploy the Cloud Services appliance (Management Gateway) certificate to clients

Version 2

    Verified Product Versions

    Endpoint Manager 9.6

    Deploy Cloud Services appliance (Management Gateway) certificate to clients

    The LANDesk Cloud Services appliance also allows computers that are off-campus or behind a firewall that are unable to communicate to the LANDesk Core to send inventory scans, check for policies via the management gateway.   This allows you to perform software distribution via policy, patch management and have clients send inventory scans back to the core server from off campus without using the VPN.

    NOTE: Before a client can successfully use this feature it must be issued a certificate by the LANDesk Core.  In order to initially receive a certificate your client must be either located on the network or connected via VPN.

    This is a manual process and does not happen automatically. Remote control is a separate feature and does not require a certificate to function properly.

    For clients that currently available in LANDesk you can use the script "Create Management Gateway Certificate" under Public Scripts and deploy this to your clients.  This script will automatically request a certificate from the LANDesk core server provide it your clients.

    It is recommended you only target or deploy certificates to mobile devices such as a laptop, as most desktop machines are unlikely to be brought off campus and do not require the use of the management gateway.

    You can accomplish manually or even write a query only showing laptops (using Computer:System:Has Battery=Yes) in LANDesk and target your computers this way.

    You can also manually request a certificate by launching BrokerConfig.exe under C:\Program Files\LANDesk\LDClient (or C:\Program Files (x86)\LANDesk\LDClient for 64-bit clients). You must use a valid login for the LANDesk Management console (not LANDesk Cloud Services Appliance).  Enter your credentials and click "Send" to request a certificate.

    Finally, you can verify the client was successfully issued a certificate by looking in the folder: C:\Program Files\LANDesk\Shared Files\cbaroot\broker (or C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker for 64-bit clients)
    You should see three files present in this directory: broker.crt, broker.csr, and broker.key.