Deployment Solution facilitates communication between the client computers and Notification Server (NS), Task Server (TS), and Package Server (PS) using the SSL mode of communication. This secured mode of communication is achieved by installing the SSL certificate that is downloaded from the NS, TS, or PS on the client computer after the computer boots in the preboot environment and production environment. In Deployment Solution, the Extract SSL Certificate policy downloads and installs the SSL certificate from the IIS locations of NS, PS and TS to their respective predefined web location. The agent that is specific for the operating system and is installed on the client computers in the preboot environment then downloads and installs the SSL certificate from the NS, PS, and TS web locations to the predefined location of the client computer.
Following are the agents that are present in the preboot environment of the specific operating system:
Windows operating system
Linux operating system
Mac operating system
To configure NS, PS and TS for IIS and HTTPS refer to the Symantec™ IT Management Suite powered by Altiris™ technology Installation and Upgrade Guide.
For Windows client computer, the PECTAgent that is installed in the preboot environment locates the SSL certificate on the client computer and then uses the certificate to communicate with the NS, PS, and TS sequentially. The PECTAgent of the computer then tries to connect to the NS using the HTTPS protocol. If the SSL certificate expires, you must manually renew and install the certificate on the NS and then rollout the Extract SSL certificate policy.
For Mac client computers, install the utility aex-getsscert and then execute the following command to download the SSL certificate from NS, PS, and TS to the client computer:
For Linux client computers, to facilitate communication with the PS, execute the following command to download the SSL certificate from the PS to the client computer:
aex-getsscert <IP> yes
For Linux and Mac, if the package server is configured on the SSL, then you must manually install the package server's SSL certificate on the client computers in the preboot environment and production environment to facilitate communication between the package server and the client computers.
The location of the SSL certificate that is downloaded from the IIS of the NS, PS, and the TS is stored on the servers and the client computer location as follows :
HTTPS location of NS
https://<server name/ or IP address > /Altiris/NS/NSCap/Bin/Deployment/Certificates
HTTPS location of TS
https://<server name/ or IP address > /Altiris/ClientTaskServer/Deployment/Certificates
HTTPS location of PS
https://<server name/ or IP address > /Altiris/Deployment_Cert/Certificates
<SMA_install_directory>\Altiris Agent\Package Server Agent\Deployment_Cert\Certificates
The path of the Windows client computer
The path of the Mac client computer
The path of the Linux client computer
You can access the Extract SSL policy from the console in one of the following ways:
Settings > All Settings > Agents/Plug-ins
In the left pane, expand the Settings folder. Under the Settings folder, expand the Agents/Plug-ins folder. From the Agents/Plug-ins folder, expand the Deployment and Migration folder. From the Deployment and Migration folder, select the Windows(x64) or Windows(x86) folder.
Settings > Agents/Plug-ins > All Agents and Plug-ins
In the left pane, expand the Agents/Plug-ins folder. From the Agents/Plug-ins folder, expand the Deployment and Migration folder. From the Deployment and Migration folder, select the Windows(x64) or Windows(x86) folder.