Question regarding use of HTTPS with WMS

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • January 7, 2021 at 12:30 pm #54068
    schurmb
    Participant
    • Total Post: 45
    • Frequent Flyer
    • ★★★

    Hi,

    We have an on-prem wms 1.2 deployment  with thinos devices running  8.5_024, 8.6_027 and 8.6_303 firmware. WMS uses a self signed certificate.

    I read in the release of DSA-2020-281: DELL WYSE THINOS 8.6 SECURITY UPDATE FOR INSECURE DEFAULT CONFIGURATION VULNERABILITIES, that the vulnerability shouldn’t apply when you use WMS.

    Dows this also apply when you use a self signed certificate?

    When I check on the thin client under ‘central configuration – WDA’, I see a red lock next to the WMS server address. ‘Enable CA Validation’ is unchecked.

    I guess this means that we are not using https for the connection to the Wyse server?

     

    I want to install an internal certificate on the Wyse server to replace the self signed one.

    So the steps to take are :

    1. upload the root CA certificate to the thin clients via security settings in WMS

    2. Install the certificate on the Wyse server

    3. Enable CA validation on the thin clients

    Is this correct?

     

    Thanks

    January 20, 2021 at 2:16 pm #58321
    ConfGen
    Keymaster
    • Total Post: 10696
    • Jedi Master
    • ★★★★★★★

    Yes, as WMS uses SSL this vulnerability does not apply here regardless of the used certificate.

    CG

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.