4 Replies Latest reply on Nov 17, 2015 8:27 AM by slatey

    use own certificate from CA

    RobLent Specialist

      Is it possible to use a certificate in LDMS from our own internal CA?

       

      I know this all works fine but there are a couple of areas within LDMS, Software Licensing Monitoring for one, that when clicked on present a certificate warning.

       

      This is obviously due to the fact that the self generated certificate on the Core server is not trusted by our clients in IE only by the LDMS agent.

       

      We have our own CA so can I use a certificate from there?

       

      Rob

        • 1. Re: use own certificate from CA
          Apprentice

          Hello Rob,

          Did you by chance get an answer to your question, or test it yourself?  I would like to do the same.

           

          Thank you!

          • 2. Re: use own certificate from CA
            Apprentice

            The self-signed certificate created during the LANDesk installation seems to be a necessity. Using your own cert from an in-house or 3rd party CA isn't supported.

             

            Pre-Trusting the LANDesk Certificates

             

            They recommend deploying the certificate as trusted via group policy.

            • 3. Re: use own certificate from CA
              Apprentice

              Thanks for the reply.  I did see that, but I don't know if I buy it to be honest.

               

              The default certificate used by the IIS binding is not even mentioned in their article, and isn't present in the Keys directory.  I was hoping someone had tried it and could say for sure, what it breaks.

               

              I just want to make a web interface friendly for our end users and do what I can to get rid of self-signed certificates wherever possible.

              • 4. Re: use own certificate from CA
                Apprentice

                Completely understood with regards to the self signed certs.


                I have a 9.6 test core and I changed the binding from LANDesk Secure Token Server to a cert from our CA and I didn't notice any immediate problems. It might possibly break the new BridgeIT SSO stuff and Service Desk functionality, but I can't speak to that decidedly. It did let me in and passed through my creds - another time it prompted me for login credentials.


                Keep in mind, when they say it isn't supported, all that usually means is LANDesk won't support it if anything goes wrong, not necessarily that it won't work.