How to Enable Trusted Agent-Server Communication
Note: By default Agent-Server communication will happen through HTTPS (Encrypted) communication. These steps enforce trusted (Identity Verification) HTTPS communication between agent and server.
Prerequisites
- If the configured proxy server is using Enterprise CA signed certificates, ensure that the Enterprise CA of the proxy server is present in the trust store of all the agent installed machines.
- The FQDN of the central server must match with the SAN list present in the certificate.
- Certificates used should be valid, i.e. it should not be expired or revoked by the CA Revocation link.
- Before enabling Agent-Server trusted communication, please verify that the FQDN present in the agent memory is available in the certificate's SAN list.
- Map your Endpoint Central server's private IP address to a common FQDN [NAT FQDN] in your respective DNS. For example, if your FQDN is "product.server.com", map this to the Endpoint Central server's IP address. By mapping, the agents will be able to access Endpoint Central server.
Note: Ensure that the connection established is secure, providing any other server address other than the FQDN will result in SSL error.
Steps to enable Trusted HTTPS Mode (For builds 10.0.650 and above)
- Import a valid third party SSL certificate. If you have already imported the certificate, you may proceed to the next step.
- Login as an administrator.
- Navigate to Admin -> Security Settings.
- Toggle the Enable Agent Server Trusted Communication button to enable it.
- After ensuring that the given prerequisites are met, Enable it.
- Agent-server communication will now happen in strict mode (HTTPS).
Note: Trusted communication once enabled cannot be disabled.
For any queries, feel free to contact our support team at endpointcentral-support@manageengine.com