Searching...
Filters
SmallMediumLarge
Home Print Show Topic URL Previous Next
IT Management Suite
Client Management Suite
Server Management Suite
Deployment Solution
Asset Management Suite
ServiceDesk

About SSL communication in Deployment Solution

Deployment Solution

Deployment Solution facilitates communication between the client computers and Notification Server (NS), Task Server (TS), and Package Server (PS) using the SSL mode of communication. This secured mode of communication is achieved by installing the SSL certificate that is downloaded from the NS, TS, or PS on the client computer after the computer boots in the preboot environment and production environment. In Deployment Solution, the Extract SSL Certificate policy downloads and installs the SSL certificate from the IIS locations of NS, PS and TS to their respective predefined web location. The agent that is specific for the operating system and is installed on the client computers in the preboot environment then downloads and installs the SSL certificate from the NS, PS, and TS web locations to the predefined location of the client computer.

Following are the agents that are present in the preboot environment of the specific operating system:

Windows operating system

PECTAgent

Linux operating system

ULM

Mac operating system

ULM

To configure NS, PS and TS for IIS and HTTPS refer to the Symantec™ IT Management Suite powered by Altiris™ technology Installation and Upgrade Guide.

For Windows client computer, the PECTAgent that is installed in the preboot environment locates the SSL certificate on the client computer and then uses the certificate to communicate with the NS, PS, and TS sequentially. The PECTAgent of the computer then tries to connect to the NS using the HTTPS protocol. If the SSL certificate expires, you must manually renew and install the certificate on the NS and then rollout the Extract SSL certificate policy.

For Mac client computers, install the utility aex-getsscert and then execute the following command to download the SSL certificate from NS, PS, and TS to the client computer:

/usr/bin/aex-getsscert <IP/HOSTNAME>

For Linux client computers, to facilitate communication with the PS, execute the following command to download the SSL certificate from the PS to the client computer:

aex-getsscert <IP> yes

For Linux and Mac, if the package server is configured on the SSL, then you must manually install the package server's SSL certificate on the client computers in the preboot environment and production environment to facilitate communication between the package server and the client computers.

The location of the SSL certificate that is downloaded from the IIS of the NS, PS, and the TS is stored on the servers and the client computer location as follows :

HTTPS location of NS

https://<server name/ or IP address > /Altiris/NS/NSCap/Bin/Deployment/Certificates

HTTPS location of TS

https://<server name/ or IP address > /Altiris/ClientTaskServer/Deployment/Certificates

HTTPS location of PS

https://<server name/ or IP address > /Altiris/Deployment_Cert/Certificates

The local path of NS

<SMA_install_directory>\Altiris\Notification Server\NSCap\bin\Deployment\Certificates

The local path of TS

<SMA_install_directory>\Altiris Agent\Client Task Server\ServerWeb\Deployment\Certificates

The local path of PS

<SMA_install_directory>\Altiris Agent\Package Server Agent\Deployment_Cert\Certificates

The path of the Windows client computer

X:/Program Files/Symantec/Deployment/SSLStore

The path of the Mac client computer

opt/altiris/notification/nsagent/etc/

The path of the Linux client computer

/opt/altiris/notification/nsagent/etc

You can access the Extract SSL policy from the console in one of the following ways:

  • Settings > All Settings > Agents/Plug-ins

    In the left pane, expand the Settings folder. Under the Settings folder, expand the Agents/Plug-ins folder. From the Agents/Plug-ins folder, expand the Deployment and Migration folder. From the Deployment and Migration folder, select the Windows(x64) or Windows(x86) folder.

  • Settings > Agents/Plug-ins > All Agents and Plug-ins

    In the left pane, expand the Agents/Plug-ins folder. From the Agents/Plug-ins folder, expand the Deployment and Migration folder. From the Deployment and Migration folder, select the Windows(x64) or Windows(x86) folder.