A new Flexera Community experience is coming on November 25th. Click here for more information.
Is it possible to configure a Unix standalone agent package (ndtrack.sh) to work on HTTPS?
When doing a full agent install, there is an mgsft_rollout_cert file that is required to be in the same directory as the install package and mgsft_rollout_response file. After installation, the certs within mgsft_rollout_cert are pinned on the system so it can communicate using HTTPS.
What is required for ndtrack.sh to work using pinned certificates?
Is it as simple as including your mgsft_rollout_cert file in the same dir you have your ndtrack.sh, ndtrack.ini and InventorySettings.xml files?
Or, does it require something additional passed in the command against ndtrack.sh?
Or, is it even possible?
I ask because in the documentation for ndtrack command line I see Preferences for SSLCA and SSLCRL related options, but only under the full UNIX agent install column, NOT for UNIX ndtrack.sh.
If it's possible, could we an example of how it's done?
‎Dec 11, 2020 03:44 PM
Also, I have read How-to-setup-https-SSL-TLS-to-secure-and-encrypt-internal-FNMS, but the only option listed for Non-Windows Lite agent is passing -o CheckServerCertificate=false -o CheckCertificateRevocation=false against ndtrack.sh, but this is not a great option.
‎Dec 11, 2020 03:51 PM
‎Apr 14, 2021 09:29 AM
@kyle_wolff - If you are using the stand-alone scanner / Core Executable method of using ndtrack.sh on Linux, I am not aware of a way that you can have the connection to the Beacon use HTTPS.
While there are advantages of using the Core Executable method, AFAIK the major downside on Linux is lack of support for HTTPS.
‎Dec 14, 2020 01:22 PM