5 Replies Latest reply on Jan 8, 2008 9:21 PM by ryse

    Secure IIS(Packages) Via Core Cert...

    Apprentice

      Hi guys...

       

       

       

       

       

      I was just curious to see if there was a way to lock down an IIS virtual directory with the cores Cert... I know its done on the default website on the core because  when I click view Certificate under directory security I see the cores Cert.  I have a package Virtual directory that my packages point to although even though directory browsing is turned off if A student  knew the direct path they could download a package which contains volume licence keys.. 

       

       

       

       

       

       

      So Im thinking if i require SSL on the virtual directory  and in the package put https then in theory this should work fine...? So I got the cert to import just fine although on in the console when setting the package URL via the console it does not accept https.. If I found this string in the database and changed it would this work??  

       

       

       

       

       

      Has anyone tried this?

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

      Thanks in advance!

        • 1. Re: Secure IIS(Packages) Via Core Cert...
          dportillo SupportEmployee

          I haven't tested this, but as far as securing your packages IIS directory, you may want to duplicate the security settings configured for the Default Web Site\landesk\ManagementSuite\Core\ssl folder. Also, I believe the path to your distribution packages is stored in the database table PACKAGE_FILES_HASH.

          • 2. Re: Secure IIS(Packages) Via Core Cert...
            Apprentice

             

            Thanks for the reply.

             

             

            What im wondering is how the agent will act when contacting the https location of the package (If the URL is altered in the database) . I believe during a remote control the agent uses the .0 certificate to communicate with the core... So during a software deployment task would the agent use the certificate to download the package from the https location?

             

             

            I dont want the public key to be in the local machines certificate store.. because then that defeats the purpose of only allowing the agent to download packages..  I would like the Agent to use its .0 cert file when downloading packages from a https website ( package share )

             

             

            Thanks 

             

             

            • 3. Re: Secure IIS(Packages) Via Core Cert...
              Apprentice

               

              The landesk .0 cert has nothing to do with downloading files from an encrypted iis (https) share. It is just like downloading a file from an https file with your browser -- you dont need any certs on your machine -- its all handled by iis. The cert on the client isnt the same kind of cert used to encrypt iis anyways. However you can potentially setup iis to 'require client certificates' -- this essentially uses a cert instead of a user/pass to ID the client. It may be possible to setup iis to do that and then look for one of the certs used by your core that would be on the client. Thats a lot of work and may not even be possible due to the way we do http(s) requests from the client.

               

               

              All you need is authentication to your http shares -- you dont really need encryption do you? I would say just setup your shares with a user/pass and then add the credentials into the preferred server list on the core. (Actually I am not 100% sure we support http authentication for SWD.. but its worth a try.)

               

               

               

               

               

              • 4. Re: Secure IIS(Packages) Via Core Cert...
                Employee

                Only through preferred servers.

                1 of 1 people found this helpful
                • 5. Re: Secure IIS(Packages) Via Core Cert...
                  Apprentice

                   

                  Thanks for the replies... Sorry for the missunderstanding  ?:|

                   

                   

                  Encryption is not needed I just was talking about using the certificate for authentication.. I thought If I required credentials the agent would not know how to supply them.. I didn't know you could have a prefered server pointing to a URL. I thought it was only UNC shares..