Steps to Enable Trusted Agent-Server Communication
This document explains the procedure to enable trusted agent-server communication.
Note: By default, agent-server communication happens over HTTPS (encrypted). These steps enforce trusted HTTPS communication, with identity verification, between agent and server.
READ AND PROCEED WITH THE STEPS CAREFULLY
- If the configured proxy server is using Enterprise CA signed certificates, ensure that the Enterprise CA of the proxy server is present in the trust store of all the agent machines.
- The FQDN of the central server must match an entry in the SAN list present in the certificate.
- Certificates used must be valid, i.e. they should not be expired or revoked as per the CA revocation link.
- Before enabling Agent-Server trusted communication, please verify that the FQDN present in the agent memory is available in the certificate's SAN list.
- Map your Endpoint Central server's private IP address to a common FQDN [NAT FQDN] in your respective DNS. For example, if your FQDN is "product.server.com", map this to the Endpoint Central server's IP address. With this mapping, the agents will be able to access the Endpoint Central server.
Note: Ensure that the connection established is secure. Providing any server address other than the FQDN will result in an SSL error.
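The SAN and validity prerequisites above can be checked before the setting is enabled. The following is an added example, not part of the product or of the original page. The function names and the sample certificate are constructed for illustration, and revocation status is not checked.

```python
import socket
import ssl
import time


def name_matches(pattern, fqdn):
    """Exact match, or a wildcard covering exactly the left-most label."""
    pattern, fqdn = pattern.lower().rstrip("."), fqdn.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = fqdn.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == fqdn


def check_prerequisites(cert, fqdn, now=None):
    """Return a list of problems; empty means the SAN and validity checks pass."""
    now = time.time() if now is None else now
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    problems = []
    if not any(name_matches(n, fqdn) for n in names):
        problems.append(f"{fqdn} not in SAN list {names}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    return problems


def fetch_verified_cert(fqdn, port, timeout=5.0):
    """Handshake the way a strict client does: chain and hostname are verified
    against this machine's trust store, so an untrusted CA raises SSLError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "product.server.com"), ("DNS", "*.corp.example")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}

if __name__ == "__main__":
    at = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")  # fixed clock
    print(check_prerequisites(SAMPLE_CERT, "product.server.com", now=at))
    print(check_prerequisites(SAMPLE_CERT, "10.0.0.5", now=at))
```

On an agent machine, pass the result of `fetch_verified_cert(fqdn, port)` to `check_prerequisites`, using the FQDN the agents are configured with and the server's HTTPS port. An `ssl.SSLError` from the fetch indicates that the issuing CA is not in that machine's trust store or that the name does not match.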
Steps to enable Trusted HTTPS Mode (For builds 10.0.650 and above)
- Import a valid third party SSL certificate. If you have already imported the certificate, you may proceed to the next step.
- Log in as an administrator.
- Navigate to Admin -> Security Settings.
- Toggle the Enable Agent Server Trusted Communication button to enable it.
- After ensuring that the given prerequisites are met, click on Enable Now.
- You have enabled trusted agent-server communication. Agent-server communication will now occur in strict mode (HTTPS).
Note: Trusted communication once enabled cannot be disabled.
For any queries, feel free to contact our support team at email@example.com