‎09-19-2018 07:42 AM
‎09-19-2018 06:57 PM
joergbartz wrote:
We are running the LanSweeper in the IIS setup (not IISexpress), due to prerequisites from our ISO.
The IIS is successfully configured to use a custom certificate, however the LS Push Service at TCP/9524 always comes up with the selfsigned lansweeper certificate, which is currently identified as a possible vulnerability and needs to be resolved. I have double checked this with openssl s_client.
I have followed the relevant KB articles to setup a custom cert.
- The custom cert is in the local computer cert store, incl. the private key and it is exportable.
- I have altered the IISExpressSvc.exe.config, like following
<add key="UseCustomSSLCertificate" value="1"/>
<add key="CertificateThumbPrint" value="‎d843[foo]ca5c"/> (Thumbprint from custom certificate)
Upon start/restart of the LanSweeper service, I can see in the Logfile from the thumbprint that the LS Push Service still uses the selfsigned LS certificate:
2018-09-18 15:44:43,340 [4] INFO Starting service
2018-09-18 15:44:51,512 [4] INFO Started [bar] v7.0.30.66 by NT AUTHORITY\SYSTEM, port 9524, 10 Threads, 10 IP Threads, 1 Scanning Servers
2018-09-18 15:44:51,559 [4] INFO Operating System: Microsoft Windows Server 2012 R2 Standard (OS language: English (United States), OS version: 6.3.9600), Service Pack version: 0
2018-09-18 15:44:51,575 [4] INFO .NET Framework version: 4.7.3163.0
2018-09-18 15:44:51,575 [4] INFO Database: SQL Server 2016 (version: 13.0.5081.1) Express Edition (64-bit): localhost\SQLEXPRESS, 550.51 MB used
2018-09-18 15:44:51,575 [4] INFO License: Professional version, [foo], [bar] licensed assets
2018-09-18 15:44:51,637 [Listen] INFO Using existing SSL certificate. ThumbPrint: CD3CA9AF10778698C61520C081DC889B8E559882
How do I tell the service to use the custom certificate when I am not using IISExpress as webserver?
Best regards
Jörg
‎09-20-2018 07:12 AM
AZHockeyNut wrote:joergbartz wrote:
We are running the LanSweeper in the IIS setup (not IISexpress), due to prerequisites from our ISO.
The IIS is successfully configured to use a custom certificate, however the LS Push Service at TCP/9524 always comes up with the selfsigned lansweeper certificate, which is currently identified as a possible vulnerability and needs to be resolved. I have double checked this with openssl s_client.
I have followed the relevant KB articles to setup a custom cert.
- The custom cert is in the local computer cert store, incl. the private key and it is exportable.
- I have altered the IISExpressSvc.exe.config, like following
<add key="UseCustomSSLCertificate" value="1"/>
<add key="CertificateThumbPrint" value="‎d843[foo]ca5c"/> (Thumbprint from custom certificate)
Upon start/restart of the LanSweeper service, I can see in the Logfile from the thumbprint that the LS Push Service still uses the selfsigned LS certificate:
2018-09-18 15:44:43,340 [4] INFO Starting service
2018-09-18 15:44:51,512 [4] INFO Started [bar] v7.0.30.66 by NT AUTHORITY\SYSTEM, port 9524, 10 Threads, 10 IP Threads, 1 Scanning Servers
2018-09-18 15:44:51,559 [4] INFO Operating System: Microsoft Windows Server 2012 R2 Standard (OS language: English (United States), OS version: 6.3.9600), Service Pack version: 0
2018-09-18 15:44:51,575 [4] INFO .NET Framework version: 4.7.3163.0
2018-09-18 15:44:51,575 [4] INFO Database: SQL Server 2016 (version: 13.0.5081.1) Express Edition (64-bit): localhost\SQLEXPRESS, 550.51 MB used
2018-09-18 15:44:51,575 [4] INFO License: Professional version, [foo], [bar] licensed assets
2018-09-18 15:44:51,637 [Listen] INFO Using existing SSL certificate. ThumbPrint: CD3CA9AF10778698C61520C081DC889B8E559882
How do I tell the service to use the custom certificate when I am not using IISExpress as webserver?
Best regards
Jörg
as an option (off the top of my head and not tested) could you create a redirect from iis like create a vdir at/LSpushService for your clients to connect to, then have that redirect to the localhost service port? not sure that would work but it might help your iis team come up with a solution.
‎09-19-2018 12:10 PM
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now