Hi,
I am wondering if there are any real life experience with upgrading from HTTP to HTTPS, and what kind of considerations you took when doing the upgrade. Also if there were any errors encountered when doing so?
May 17, 2019 06:08 AM
Following up on our issue with configuring the proxy settings for the FlexNet Beacon. Since the FlexNet Beacon Service runs by default as SYSTEM, it does not make use of the IE proxy settings. You can either have the service run as a specific User or, you have to configure the winhttp proxy settings using "netsh winhttp set proxy <<proxyURL>>". Once this was set, the packages were successfully downloaded and the "...revocation server is offline." messages are no longer present in the logs.
Jun 18, 2019 11:15 AM
Hi,
May be you can give us some more information, where do you want to do this upgrade? When you access the webui like instead of http://mycompany.com/suite to https://mycompany.com/suite? In this case you need order an SSL certificate, according to you your company policy. Configure IIS to use this certificate for SSL connection and that's it.
Or you want your flexera agent to use the https connection when they upload the inventory, in this case, again you need to order a SSL certifacte for the beacon server/servers, and configure the IIS accordingly. However using SSL you need to be sure that your agents can check the root ca and the CRL list, other wise communication will failed.
EDIT: Just read again you question, the improvement is related to security, as all communication via https is encrypted and secured.
May 17, 2019 07:15 AM - edited May 17, 2019 07:17 AM
Hi,
When changing agent communication from HTTP to HTTPS, you may also want to plan a transition time or deploy alternate beacon details beforehand, so that all your agents can still communicate when HTTP ist no longer available.
Best regards,
Markward
May 17, 2019 09:50 AM
May 20, 2019 09:25 AM
May 20, 2019 09:29 AM - edited May 20, 2019 09:39 AM
I don't know how is your network layout, in my case, the SSL certificates are issued by a internal CA server and the CRL is listed on a internal ip, I spoke with networking team and opened a network flow to that IP, and this solved the issue. To solve the CRL issue, I can think to do on of the following: 1. Find out the CRL address and open proxy/firewall to that one 2. Disable the CRL checking from registry not advised and not recommended from security point of view.
May 21, 2019 02:03 AM - edited May 21, 2019 02:04 AM
May 21, 2019 08:01 AM
Following up on our issue with configuring the proxy settings for the FlexNet Beacon. Since the FlexNet Beacon Service runs by default as SYSTEM, it does not make use of the IE proxy settings. You can either have the service run as a specific User or, you have to configure the winhttp proxy settings using "netsh winhttp set proxy <<proxyURL>>". Once this was set, the packages were successfully downloaded and the "...revocation server is offline." messages are no longer present in the logs.
Jun 18, 2019 11:15 AM