Steps to Enable Trusted Agent-Server Communication

This document explains the procedure to enable trusted agent-server communication.

Note: By default Agent-Server communication will happen through HTTPS (Encrypted) communication. These steps enforce trusted (Identity Verification) HTTPS communication between agent and server.

READ AND PROCEED WITH THE STEPS CAREFULLY

Prerequisites

  1. If the configured proxy server is using Enterprise CA signed certificates, ensure that the Enterprise CA of the proxy server is present in the trust store of all the agent machines.
  2. The FQDN of the central server must match with the SAN list present in the certificate.
  3. Certificates used should be valid, i.e.it should not be expired or revoked by the CA Revocation link.
  4. Map your Desktop Central server's private IP address to a common FQDN [NAT FQDN] in your respective DNS. For example, if your FQDN is "product.server.com", map this to theDesktop Central server's IP address. By mapping, the agents will be able to access Desktop Central server.

Steps to enable Trusted HTTPS Mode (For builds 10.0.650 and above)

  • Import a valid third party SSL certificate. If you have already imported the certificate, you may proceed to the next step.
  • Login as an administrator.
  • Navigate to Admin -> Security Settings.
  • Toggle the Enable Agent Server Trusted Communication button to enable it.
  • After ensuring that the given prerequisites are met, click on Enable Now.
  • You have enabled trusted agent-server communication. Agent-server communication will now occur in strict mode (HTTPS).

Note: Trusted communication once enabled cannot be disabled.

For any queries, feel free to contact our support team at desktopcentral-support@manageengine.com