cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to add CheckCertificateRevocation & CheckServerCertificate setting in ZeroTouch Inventory

Hello,

Anyone please help on How to add CheckCertificateRevocation & CheckServerCertificate setting in ZeroTouch Inventory.

We are facing issue where server is not able to upload file to beacon server although  all ports are open as well as Beacon url is also getting successfully tested in web browser. And no traffic is blocking from firewall.

and while I have ran the ndtrack command manually with CheckCertificateRevocation & CheckServerCertificate false setting it's uploading the data.

So I need to help to push CheckCertificateRevocation & CheckServerCertificate setting from beacon when ZeroTouch inventory rule getting triggered from beacon.

(1) Solution
ChrisG
By Community Manager Community Manager
Community Manager

When using remote execution capabilities built in to Flexera One ITAM/FNMS, you are not able to control what command line options are used to gather inventory. So you can't use non-default values for settings like CheckCertificateRevocation & CheckServerCertificate.

If you need to run the inventory gathering process with non-default settings then you will need to find another way to initiate the process instead of using the built-in remote execution capabilities.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

(5) Replies

@AjaykumarPatil 

You're not describing on which OS platform(s) you're running into this issue, but please be aware that "File upload using HTTPS protocol is not directly supported for UNIX-like platforms in the Zero-footprint case." as per Zero-Footprint: System Requirements :

Capture.PNG

Thanks,

@JohnSorensenDK  We are facing this issue for for windows servers

ChrisG
By Community Manager Community Manager
Community Manager

When using remote execution capabilities built in to Flexera One ITAM/FNMS, you are not able to control what command line options are used to gather inventory. So you can't use non-default values for settings like CheckCertificateRevocation & CheckServerCertificate.

If you need to run the inventory gathering process with non-default settings then you will need to find another way to initiate the process instead of using the built-in remote execution capabilities.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

@ChrisG Please suggest any other way if we can do achieve this? It's very hard to go and setup schedule task with certificate setting command on each server.

Also please confirm in case ZeroTouch inventory where does ndtrack check the certificates? 
any specific like or it will only check the beacon certificate? 

Thanks

There are no capabilities built in to Flexera One ITAM/FNMS to remotely execute the ndtrack.exe inventory gathering process in a way that does not check certificates. If you want to do that you will need to use some other technology to remotely connect to devices and execute an appropriate command line.

ndtrack.exe on Windows uses built-in Windows system APIs to check that certificates are trusted based on information stored in the Windows certificate store. There is no material difference between how ndtrack.exe does this and how your browser would check the certificate is trusted.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)