4 Replies Latest reply on Apr 29, 2016 6:34 AM by HapoShav

    Configuring Authenticated HTTPS (SSL) Distribution Servers

    HapoShav Rookie

      Dear Shavlik Team,

       

       

      I  need a documentation for the SSL Distribution servers.

      I have found this https://community.shavlik.com/docs/DOC-23125

      but it sais:

       

      Access to this place or content is restricted. If you think this is a mistake, please contact your administrator or the person who directed you here.


      Please can i have a documentation or tutorial on how to?


      Thank you .


        • 1. Re: Configuring Authenticated HTTPS (SSL) Distribution Servers
          cwinning CommunityTeam

          Hello,


          The document was pulled some time ago because updates are needed. Since I don't have an ETA for when the document will be updated, I will post the relevant information.


          This is not a complete guide, feel free to ask questions.

          Please Note: This document is based on Windows Server 2008 with IIS7.5

           

          1.  Create a folder on the IIS server and share it. This folder will be the Distribution Server share where the patches and data files with be stored.

           

          Install IIS and enable authentication by performing the following:

           

          1.  Open the Server Manager, right-click on Roles and select Add Role.

          1.png

          2.  Use the wizard to add the Web Server (IIS) role.

          3.  Once the Web Server (IIS) role is created, go to the Role Services section under the new role and click Add Role Services.

          4.  Select Windows Authentication under Security and go through wizard to add it.  Continue with the default settings unless you need a specific configuration.

          Untitled.png

          5.  Go to Programs -> Administrative Tools -> Internet Information Services.

          6.  Right click on Default Web Site and click Add Application.

          3.png

          7.  Add the share folder that was created in the beginning.

          1.png

          8.  Select the new Application and double-click on Authentication.

          9.  Select Windows Authentication and click on Enable.

          10.  Select Anonymous Authentication and click on Disable.

          5.png

          11.  Create a Virtual Directory in the Application.

              a.  Right-click on Application and choose Add Virtual Directory.

          6.png   

              b.  Enter and Alias and set the Physical path to the share folder.

          virt.png

          12.  Enable Directory Browsing on the Application.

          1. Double-click Directory Browsing.

          8.png

              b.  Click the Enable button

          9.png

          13.  You should test the connection to the URL.  You can do this manually through a web browser or use the Browse Virtual Directory located on the right side of the Internet Information Services (IIS) Manager when you have the Virtual Directory selected.

           

          Configuring HTTP over SSL (HTTPS):

           

          1.  Navigate to the Internet Information Services (IIS) Manager and highlight the server name.

          2.  Open Server Certificates.

          servercert.png

          3.  Click on Create Self-Signed Certificate.

          selfsig.png

          4.  Enter a friendly name and click OK.

          5.  Click on Default Web Site and click on the Binding link on the right side of the screen.

          bindings.png

              a.  Add the HTTPS binding with the SSL Certificate you created.

          binding2.png

          6.  Click on the Virtual Directory you created and then open SSL Settings.

          ssl set.png

          7.  Check the Require SSL checkbox and Apply the settings.

          SSLcertset.png

          8.  Go to Start -> Run and type MMC to open Microsoft Management Console.

          7.  Click on File -> Add/Remove Snap-in.

          8.  Highlight Certificates and then click Add.

          9.  Choose Computer account and click Next.

          10.  Choose Local Computer and click Finish.

          11.  Click OK.

          12.  Expand Certificates -> Personal -> -Certificates.

          13.  Locate the certifcate you created by Friendly Name.

          14.  Right-click and choose All Tasks -> Export.

          15.  Click Next.

          16.  Choose No, do not export the private key and click Next.

          17.  Use the defaults for the next screen and click Next.

          18.  Choose a location and File Name to save the certiicate to then click Next.

          19.  Click Finish and then OK.

          20.  Skip to step 22 if IIS is on the same server as the Protect Console.  Continue to step 21 if the IIS and the Protect Console are not on the same server.

          21.  Open the Microsoft Management Console Protect Console server by following steps 8-11.

          22.  Expand Trusted Root Certificate Authority -> Certificates.

          23.  Right-click on Certificates and choose All Tasks -> Import.

          24.  Click Next.

          25.  Specify the File Name of the certificate you exported and choose Next.

          26.  Choose Place all certificates in the following store and click Next.

          27.  Click Finish and then OK.


          Configuring the HTTPS authenticated Distribution Server in Protect 9.x:

           

          1.  Open Protect and navigate to Tools -> Operations.

          11.png

          2.  Go into Distribution Servers and click New.

          22.png

          3.  Create the Distribution Server:

          1. Give it a Name.
          2. Select Authenticated HTTP and checkmark Use SSL (HTTPS).
          3. Enter the URL.
          4. Choose Credentials used to authenticate to the URL.  Click New to create credentials.
          5. Enter the UNC path to the share folder.
          6. Choose Credentials used to authenticate to the UNC path.  Click New to create credentials.
          7. Test the connections for the URL and the UNC to make ensure proper connectivity.
          8. Save.

          ds1.png

          • 2. Re: Configuring Authenticated HTTPS (SSL) Distribution Servers
            HapoShav Rookie

            Hello,

             

            Thank you for the quick answer.

            I have two more questions:

             

                1. I am using Windows Server 2012 R2, is there any difference?

                 2. Do i have to install Shavlik Protect in the Distribution Server, because i am using another Server as a Distribution Server?

             

            Thank you

            • 3. Re: Configuring Authenticated HTTPS (SSL) Distribution Servers
              cwinning CommunityTeam

              Hello,

               

              1.  I'm sure the instructions for IIS on Server 2012 are different, I haven't gone through setup for it.  Basic instructions from MS:  https://technet.microsoft.com/en-us/library/hh831515.aspx

               

              2.  A Distribution Serve is a folder share when using a UNC path or web share when setting up an HTTP or HTTPS Distribution Server.  It does not require Shavlik Protect to be installed on it. An HTTPS Distribution Server share will require IIS installed on the same server. 

               

              Charles

              • 4. Re: Configuring Authenticated HTTPS (SSL) Distribution Servers
                HapoShav Rookie

                Thank you very much for your help