Protecting HTTP Depots
Updating a DSM version before version 2015.1 includes changing the encryption method. Depots that can only be reached from the central Management Point via HTTP must be changed to this new procedure manually.
Please proceed as follows:
- Create the following directory on the HTTP depot:
<DSM Share>\config\key - Specify the following access permissions:
- Read/Write access for the responsible distribution accounts
For logical reasons, we recommend entering the configured permission group the Distribution Service accounts are assigned to.
You can specify the permission group in the following configuration table setting:
Depot > Group with access to the private key - Read/Write access for the SYSTEM account
- Read/Write access for the responsible distribution accounts
- Put an empty text file named secured.txt in this directory.
This file 'tells' DSM that the preparations for changing the encryption method are finished. At the next opportunity, the private key used to decrypt the passwords of the DSM infrastructure is stored in the prepared directory.
This is the last step in protecting the HTTP depot.