cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Switching from HTTP to HTTPs

Good afternoon

I came through the community to ask for help regarding an issue that I believe many have already faced, it would be after the deployment of the tool, installation of the beacon and configuration of the agents that are reporting to an end in http it is possible to change the end to an https and continue using the same config of the agents to which they are pointing to an http ??
or will it be necessary to redeploy the agents to a new end with https ??

(4) Replies

You can configure your beacon with https. You need to ensure port 443 & 80 both are allowed in firewall before making changes. don't delete http  configuration from IIS at least for some duration.

Agent will start taking policy .

Good afternoon, I believe it was not clear in the explanation, the scenario is the client already has the beacon server and the agents deployed on the network directed to HTTP, the same will be adding a digital certificate transforming this publication into HTTPs, is there any of the agents continuing to report without needing to reinstall them?

Yes. Also for any new installation ensure certificate check false entry in registry. You need to append in your mgssetup.ini file.

desc2 = CheckServerCertificate
val2 = False
desc3 = CheckCertificateRevocation
val3 = False

The agents won't need to be reinstalled. After the beacon configuration is changed to use HTTPS, the update to the protocol to use will propagate in due course to the agents through their policy updates.

Making a change like this does carry some risk that agents will become orphaned. Remember that each agent has a set of beacon details it will attempt to use for communications. If at any point you make a change that results in none of those beacon details working any longer, then the agent will become orphaned and stop communicating.

Here are some potential gotchas to watch out for:

  • Any agent that has not updated policy to get details beacon change to use HTTPS will continue to use HTTP; so don't turn of HTTP access until this is no longer a concern (otherwise affected agents will never get their policy update to make the protocol switch).
  • If the agents cannot communicate using HTTPS (for example, because the certificate on the beacon is not trusted) then they are likely to become orphaned.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)