Can I use SSL/HTTPS between Package Server(s) and clients?
A Remote Package Server can be configured to use SSL/HTTPS to communicate with clients if configured properly.
The site server certificate generator tool AeXGenSiteServerCert.exe (Program Files\Altiris\Notification Server\Bin\Tools\) lets you create a site server certificate. The certificate name must match the name of the site server. Also, this certificate is signed by the special Notification Server certificate authority (CA) certificate (“SMP NS_NAME Agent CA” located in Trusted Root Certificate Authorities store).
If you do not have your own corporate certificate authority, this tool lets you easily set up HTTPS on your site servers. You can add a root certificate authority (CA) to the Trusted Root Certificate Authorities store on the managed computer. You can add the appropriate certificate either by using Managed Software Delivery or by using an Active Directory group policy.
- A Server Class Windows OS is preferred for a Package Server , if available.
- If the Package Server is a Windows XP box then IIS should be installed.
- To install IIS on Windows XP go to "Control Panel","Add or Remove Programs", "Add/Remove Windows Components", Select "Internet Information Server (IIS) from the "Windows Component Wizard" and follow the prompts to install.
- A SSL certificate should be installed on the Package Server after IIS has been installed as the "Default Web Site" and configured for port 443.
- If you use a Public Certificate that's generally purchased from Commercial Companies (search internet for "SSL Certificates") then SSL Certificate support should already be built into the Web Browser. This is preferred since your Agents will be ready to communicate without installing a certificate manually.
- Test your SSL Connection from clients to the intended Package Server using Internet Explorer prior to installing the Package Server Agent.
- Configure your Package Server HTTPS Published Codebase Types from "Configure","Package Servers", "Package Server Setup", "Settings" Tab in the 6.5 Console. Beyond this configure your Package Server as you would any other.
- SSL/HTTPS communication requires additional CPU resources on both the server and clients, considerably more than would be used via UNC and SMB methods.