cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configure Client Certificate Authentication for FlexNet Inventory Agents

Configure Client Certificate Authentication for FlexNet Inventory Agents

Symptoms:

Inventory Beacons are configured to use Anonymous Authentication for Inventory Agents.  This allows all devices that have the agent installed to download settings or upload files to the beacon as long is it accessable on the network. 

Diagnosis:

Currently the only configurable option on the Inventory Beacon is to configure Basic Authentication in the Beacon application.

Solution:

It is possible to use Client and Server Authentication Certificates to restrict the access to the Inventory Beacon.  Microsoft IIS has a Security feature called IIS Client Certificate Mapping Authentication.  This feature will enable the option to require SSL and Client Certificate before allowing incoming connection.  This means that only devices that have a copy of the Client Certificate can connect.

The attached document contains further details and instructions around configuring Microsoft IIS and the certificate export and deployment process. 

Additional information can be found in the Flexera Online documentation:

https://docs.flexera.com/fnms/EN/GatherFNInv/index.html#SysRef/FlexNetInventoryAgent/tasks/Common-ClientCerts.html

https://docs.flexera.com/fnms/EN/WebHelp/index.html#tasks/ConfigureMutualTLS.html

Labels (1)
Was this article helpful? Yes No
No ratings
Comments

Will this work for a commercial cert or just a internal enterprise cert?

@craig_moore - this will work as long as the certificates used are appropriately trusted. Commercial certificates will typically be broadly trusted by your computers, and your internal certificate management team would be able to confirm which computers will trust certificates that are internally issued.

Version history
Last update:
‎Nov 24, 2021 04:34 AM
Updated by:
Contributors