I haven't tested this, but as far as securing your packages IIS directory, you may want to duplicate the security settings configured for the Default Web Site\landesk\ManagementSuite\Core\ssl folder. Also, I believe the path to your distribution packages is stored in the database table PACKAGE_FILES_HASH.
Thanks for the reply.
What im wondering is how the agent will act when contacting the https location of the package (If the URL is altered in the database) . I believe during a remote control the agent uses the .0 certificate to communicate with the core... So during a software deployment task would the agent use the certificate to download the package from the https location?
I dont want the public key to be in the local machines certificate store.. because then that defeats the purpose of only allowing the agent to download packages.. I would like the Agent to use its .0 cert file when downloading packages from a https website ( package share )
The landesk .0 cert has nothing to do with downloading files from an encrypted iis (https) share. It is just like downloading a file from an https file with your browser -- you dont need any certs on your machine -- its all handled by iis. The cert on the client isnt the same kind of cert used to encrypt iis anyways. However you can potentially setup iis to 'require client certificates' -- this essentially uses a cert instead of a user/pass to ID the client. It may be possible to setup iis to do that and then look for one of the certs used by your core that would be on the client. Thats a lot of work and may not even be possible due to the way we do http(s) requests from the client.
All you need is authentication to your http shares -- you dont really need encryption do you? I would say just setup your shares with a user/pass and then add the credentials into the preferred server list on the core. (Actually I am not 100% sure we support http authentication for SWD.. but its worth a try.)
1 of 1 people found this helpful
Only through preferred servers.
Thanks for the replies... Sorry for the missunderstanding ?:|
Encryption is not needed I just was talking about using the certificate for authentication.. I thought If I required credentials the agent would not know how to supply them.. I didn't know you could have a prefered server pointing to a URL. I thought it was only UNC shares..