- This topic has 3 replies, 2 voices, and was last updated 3 years, 7 months ago by .
Viewing 4 posts - 1 through 4 (of 4 total)
Viewing 4 posts - 1 through 4 (of 4 total)
- You must be logged in to reply to this topic.
Tagged: CVE-2020-29491, FTP, HTTPS, wyse
Hi,
I heard about CVE-2020-29491 and CVE-2020-29492 last week and so I try to secure my environment and configure https for my clients instead of FTP.
I installed IIS on my fileserver and when I set up the 443 binding, I have to use a certificate. I´m not that good with all the IIS stuff – so here is my question:
To access my fileserver, all my thin clients need to have this cert installed – is that right? If yes, how can I do that? With the FTP solution it was possible to place it in the cacerts folder but how can I do this using https?
And do I need to change something in my Xen.ini / Wnos.ini?
Thanks in advance!
If you want to switch to https you will need a certificate, correct.
The best way is to set up your own Certificate Authority and then use self-signed certificates. Another way would be to buy official certificates.
In all ways, you would have to make sure that the root certificate (self-signed or official) is loaded on the client.
You can do that via ftp (which you want to get rid of) or use a USB memory stick.
No need to change anything in your INI files.
CG
Hi,
thanks – I got https working now.
Some thoughts on the certificate thing now:
– First I thought, I can use the certs that are already on my thin clients (domain and storefront cert) but as I saw, there is no possibility to bind them to IIS because they don´t have a private key. Is that true (only new self signed cert or a .pfx cert valid for IIS)?
– When using a .pfx, is there a way I write the private key in my .ini files (secure, for sure)
– I manage around 500 thin clients so the deployment method by usb stick is not a possibility. Using FTP is also not possible because DHCP Option Tag 161 is not “https://fqdn”. Any other possibilities?
Thanks in advance!
You only need the root certificate on the clients.
The IIS itself needs the certificate including the private key (.pfx).
CG
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |