Using HTTPS

When using the Dispatcher Web API in your Ivanti Automation environment, it is possible to secure communication using the HTTPS protocol. If the Datastore is configured to use AES-256 encryption, HTTPS is used by default.

By default, the Dispatcher Web API uses an SSL certificate to communicate over HTTPS. This certificate is untrusted, which means that a security exception needs to be configured, to bypass any security warnings. The SSL certificate can be viewed in the list of certificates by searching on "certificate issuer: "RES AM – DISPATCHER SERVICE"" or "certificate issued by "RES AM – DISPATCHER SERVICE".

It is also possible to use an SSL certificate that has been issued by an official Certification Authority (CA). The SSL certificate must be installed on the Dispatcher, in a certificate store in LocalComputer (not CurrentUser).

Configuration

To configure the Dispatcher Web API to use HTTPS, select the option SSL enabled for the global or Dispatcher-specific setting WebAPI state and specify the Port number. The default port number for SSL is 443. It is possible to specify a custom port number. It is not necessary to manually configure these settings in the Dispatcher configuration file. The settings in the Dispatcher configuration file will be ignored when deploying the Dispatcher.

When using an SSL certificate that was issued by a CA, the SSL certificate thumbprint and the SSL certificate store that contains the certificate are also required.

It is not possible to use the HTTPS protocol to secure communication of the Dispatcher Web API for Dispatchers running on Microsoft Windows Server 2003 and Windows XP machines.

Known limitations

If a Dispatcher with the WebAPI enabled is installed on an IIS webserver, and both the Dispatcher and IIS use HTTPS over port 443, the existing site bindings in IIS may be overwritten by the Dispatcher.
To prevent this, please configure the WebAPI to use a different port.