HTTPS Communication to PolicyManager 14.20

Scholar

HTTPS Communication to PolicyManager 14.20

Hello,

 

i want switch the communication from the clients to the server from http to https.

 

Do i have to export a certificate first to the clients?

 

On the clients when i try:

https://policymanager:httpsPORT/

There is a problem with the security certificate of the website.

 

Kind regards

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Superuser

Re: HTTPS Communication to PolicyManager 14.20

There is no client certificate to be distributed.
The server has a self signed certificate.

ClientSecurity "knows" the certificate that is in use, so what you see is only from a browser.
If you prefer you can replace that with a company certificate.
If your Clients are V14 they will automatically switch to https
Port 80 will only be used for Updates.

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

3 REPLIES 3
Superuser

Re: HTTPS Communication to PolicyManager 14.20

There is no client certificate to be distributed.
The server has a self signed certificate.

ClientSecurity "knows" the certificate that is in use, so what you see is only from a browser.
If you prefer you can replace that with a company certificate.
If your Clients are V14 they will automatically switch to https
Port 80 will only be used for Updates.

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

Superuser

Re: HTTPS Communication to PolicyManager 14.20

Hello,

 

> The server has a self signed certificate.

 

I wonder if F-Secure could supply each Policy Manager Server with a proper (not self-signed) certificate, based on the unique customer number which was used to register them?

 

Best regards: Tamas Feher, Hungary.

Highlighted
Superuser

Re: HTTPS Communication to PolicyManager 14.20

The only task this certificate has is to encrypt the traffic, No authentication, no verification, no signing.
There is no difference in accepting a (self-signed) certificate by own trust or by accepting thze certificate because a CA has signed it, which I trust.
I you feel you only want to allow a CA signed certificate, you can still use your company CA and provide a certificate to the server, as long as you can ensure this will be trusted by windows.

To me it sounds like a lot of hasle for what benefit?

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de