Appendix B: Configuring Your Server to use SSL

During installation of the Ivanti Endpoint Security server, you can configure Ivanti Endpoint Security to use SSL for server to agent communication after obtaining an SSL certificate from a trust provider.

Prerequisites:

  • You must obtain a certificate from a root certificate authority.

Obtaining a trusted SSL certificate can take several days. Therefore, Ivanti recommends obtaining an SSL certificate before installing Ivanti Endpoint Security. Certificates can be obtained from trust providers such as Verisign Inc. (www.verisign.com) or Entrust (www.entrust.com).

Configuring SSL

Associate your certificate with the Ivanti Endpoint Security (Ivanti Endpoint Security) Web site in your server's Internet Information Services (IIS) Manager.

The first portion of this procedure is performed before installation of Ivanti Endpoint Security, and the second portion is performed following installation of Ivanti Endpoint Security.

Important: If you are installing Ivanti Endpoint Security on a server that already hosts a Web site, a different procedure must be used for SSL configuration. For additional information, refer to https://forums.ivanti.com/s/article/L-E-M-S-S-One-of-the-IP-Port-combinations-for-site-67-has-already-been-configured-to-be-used-by-another-program for additional guidance.

  1. If necessary, import your certificate.

    To import your certificate, complete the following substeps.

    1. Open Internet Information Services (IIS) Manager, which can be found in Administrative Tools within Control Panel.
      Internet Information Services (IIS) Manager opens.
    2. From the tree, select your Ivanti Endpoint Security server.
    3. In the main pane, scroll to the IIS section and double-click Server Certificates.
      The Server Certificates page opens.
    4. Click the Import link.
      The Import Certificate dialog opens.
    5. Click the Elipses button ( ... ), browse to your certificate, and click Open.
      You may have to edit the File name type list to see your certificate.
    6. Type the certificate Password.
    7. Click OK.
  2. Assign the certificate to the default Web site.
    To assign the certificate, complete the following substeps.
    1. From the tree, expand to Default Web Site (Server Name > Sites > Default Web Site).
    2. Click the Bindings link.
      The Site Bindings dialog opens.
    3. Click Add.
      The Add Site Binding dialog opens.
    4. From the Type list, select https.
    5. From the SSL certificate list, select your certificate.
    6. Click OK.
    7. Click Close.
  3. Complete one of the Ivanti Endpoint Security installation procedures listed in Selecting an Installation Method.

    While installing Ivanti Endpoint Security, select the Use SSL security for Patch agent communication with the server check box.

    Name resolution of the server, endpoints, and the root certificate authority is required to use SSL.

  4. Assign the certificate to the Ivanti Endpoint Security Web site.
    Complete the following substeps to assign the certificate.
    1. Open Internet Information Services (IIS) Manager, which can be found in Administrative Tools within Control Panel.
      Internet Information Services (IIS) Manager opens.
    2. From the tree, select Ivanti Web site (Server Name > Sites > Ivanti).
    3. Click the Bindings link.
      The Site Bindings dialog opens.
    4. Click Add.
      The Add Site Binding dialog opens.
    5. From the Type list, select https.
    6. From the SSL certificate list, select your certificate.
    7. Click OK.
    8. Click Close.
  5. Configure the Web site to accept only SSL connections.
    1. In the main pane, scroll to the IIS section.
    2. Double-click SSL Settings.
    3. Select the Require SSL check box.
    4. Click Apply.
      Your server is now configured for SSL communication.
    6. After Completing This Task: