 Rank: Administration Medals:  Joined: 4/19/2010(UTC) Posts: 473 Location: Raleigh, NC
Here at ScreenConnect HQ we've been working on a little script to automate functions that we couldn't normally add to a web-based program. All you need to do is run the .exe for the script.

Requirements:
- Windows Server 2008 R2 and later
- ScreenConnect installed

Before you get started:
- Read our SSL documentation
- Back up your web.config file
- Run the script as an administrator

Download the ScreenConnect SSL Configurator
*Last updated 10/13/15
Edited by user Tuesday, October 13, 2015 2:40:14 PM(UTC)
Reason: Script has been moved to http://help.screenconnect.com
ScreenConnect Team

Rank: Advanced Member Medals: Joined: 5/7/2013(UTC) Posts: 47 Location: Parma
Hi. What about a self-signed certificate? I just need to encrypt the authentication process.

Rank: Administration Medals: Joined: 4/22/2010(UTC) Posts: 475 Location: NC
The problem with a self-signed cert is that you have to make the client browsers trust it; otherwise ClickOnce deployment will likely fail. As long as you get a browser security warning, ClickOnce is going to have a problem deploying the client.
ScreenConnect Team

Rank: Advanced Member Medals: Joined: 5/7/2013(UTC) Posts: 47 Location: Parma
This is just for not sending credentials in cleartext. Is there another way? I only need it for the host console for security purposes.
Thank you.

Rank: Member Joined: 6/23/2011(UTC) Posts: 28 Location: New Zealand
Is it just me or are the above links broken? All I get is a warning "Please do not link directly to this resource. You must have a session in the forum."

Rank: Administration Medals: Joined: 4/16/2010(UTC) Posts: 441 Location: Raleigh
They appear to be working from our side. Can you try again?
ScreenConnect Team

Rank: Administration Medals: Joined: 4/16/2010(UTC) Posts: 441 Location: Raleigh
Mc128k wrote:
This is just for not sending credentials in cleartext. Is there another way? I only need it for the host console for security purposes.
Thank you.

All data passing between host and guest systems is fully encrypted and protected from unauthorized access. This includes all screen data, file transfers, key strokes, and chat messages. ScreenConnect employs a 256 bit AES encryption algorithm, similar to that used by many banking and government institutions. Although ScreenConnect encrypts all Relay session traffic by default, the Web Server HTTP traffic is not encrypted unless configured with SSL. There's really not a way to SSL/secure just the Login process without securing the entire website. Though this is something that we are looking into.
Edited by moderator Tuesday, May 21, 2013 12:40:51 PM(UTC)
Reason: Not specified
ScreenConnect Team

Rank: Member Joined: 6/23/2011(UTC) Posts: 28 Location: New Zealand
Sean wrote:
They appear to be working from our side. Can you try again?

Working for me now. Not sure what happened there!!

Rank: Newbie Joined: 11/22/2013(UTC) Posts: 1 Location: Asheville
Your ScreenConnect SSL Configurator utility may be what I'm looking for. Currently I have a single external static IP address with an IIS7 web server on Windows Server 2008 R2. I just got a cert from a certificate authority, http://www.startssl.com/, for free by the way. I already have a website and I'm using port 443 bound to all local IPs. Both HTTP and HTTPS requests are working on the website, e.g. http://mysite and https://mysite on 443. I'd like to use the same cert on port 8040 to secure those sessions as well for ScreenConnect, e.g. https://mysite:8040. Will this utility do this? I've looked at http://help.screenconnect.com/HOWTO-0004.ashx. It seems a bit Greekish to me. Aside from running the utility, do I need to do anything else to prepare for it? I really don't want to break my existing IIS website, or the SSL function on that site.

Rank: Newbie Joined: 1/30/2014(UTC) Posts: 1 Location: Tampa
I have a question which I have been unable to find the answer to in the various posts on the topic including this. It seems that once the SSL cert has been created and bound and the webconfig has been altered to have the webserver listen on port 443 then the relay cannot also run on port 443? Is this correct and if so what is the recommended solution? After following the procedure I seem to only be able to get either the relay service which I had previously changed in the webconfig to port 443 or the webserver service to run once it is changed from 80 which I had previously edited to be to 443 via the configurator. I understand that the relay is encrypted and for internal use I was fine with leaving the webserver on 80 and relay on 443 but for potential meetings with clients, etc. many would be hesitant to go to a site not using SSL so I wanted to change it to avoid this potential issue.
Thanks in advance for the heads up.

Rank: Advanced Member Medals: Joined: 9/13/2010(UTC) Posts: 708 Location: Minnesota
Originally Posted by: kisingercampo
I have a question which I have been unable to find the answer to in the various posts on the topic including this. It seems that once the SSL cert has been created and bound and the webconfig has been altered to have the webserver listen on port 443 then the relay cannot also run on port 443? Is this correct and if so what is the recommended solution? After following the procedure I seem to only be able to get either the relay service which I had previously changed in the webconfig to port 443 or the webserver service to run once it is changed from 80 which I had previously edited to be to 443 via the configurator. I understand that the relay is encrypted and for internal use I was fine with leaving the webserver on 80 and relay on 443 but for potential meetings with clients, etc. many would be hesitant to go to a site not using SSL so I wanted to change it to avoid this potential issue.
Thanks in advance for the heads up.

You can leave relay on 80 (it is encrypted anyway) and put your web on 443. Where things get tricky is if you also want to have port 80 for web with a redirect.

Rank: Newbie Joined: 2/7/2014(UTC) Posts: 4 Location: Missouri
We are using StartSSL for secondary SSL certificates, etc. However, this tool uses MD5 hashes for generating the CSR, and StartSSL only will support SHA1 or better. Can this be modified with the current tool using a command line argument? I have a trial account right now, but am uncomfortable with non-SSL for technicians logging into the product with their AD accounts.

UPDATE 2/25/2014: What I did was utilize our Certificate Authority's SSL Generation tool to generate both a Private key and a Public key for our domain. After that, I found a thread about how to secure both the "Web Interface" and the "Relay" services. See more here
Edited by user Tuesday, February 25, 2014 10:36:54 PM(UTC)
Reason: Adding link to forum post for my resolution method.

Rank: Newbie Joined: 2/25/2014(UTC) Posts: 3 Location: Toledo
Quote:
All data passing between host and guest systems is fully encrypted and protected from unauthorized access. This includes all screen data, file transfers, key strokes, and chat messages. ScreenConnect employs a 256 bit AES encryption algorithm, similar to that used by many banking and government institutions.
Although ScreenConnect encrypts all Relay session traffic by default, the Web Server HTTP traffic is not encrypted unless configured with SSL. There's really not a way to SSL/secure just the Login process without securing the entire website. Though this is something that we are looking into.

Does "fully encrypted" also apply to the new VoIP feature in version 4.1?

Rank: Newbie Joined: 3/13/2014(UTC) Posts: 5
Downloaded latest version of SC (v4.2), and running on Ubuntu Server 12.04. Generated an external CA validated certificate, by using the ScreenConnect SSL Configurator. I've extracted the tarball, but there is no httplistener directory to extract the certificate and private key into. The path only contains "certs" or "keypairs". I've tried installing it using:
Code:
httpcfg -add -port 443 -cert 443.cer -pvk 443.pvk
Still no joy. I just get "SSL connection error" in Chrome. Any ideas? Has the process changed from SC v4.1 to v4.2?

Rank: Administration Medals: Joined: 4/19/2010(UTC) Posts: 473 Location: Raleigh, NC
There should be no change in the directory for 4.2. If you don't see the httplistener directory, just create it.
ScreenConnect Team

Rank: Member Medals: Joined: 4/15/2014(UTC) Posts: 18 Location: Hamilton
Hey there. I have the same issue. Firstly there was no httplistener directory so I created it - copying the 443.pvk and 443.
I made the changes to the web.config file as suggested.
I navigated to the httplistener directory then ran -
httpcfg -add -port 443 -pvk 443.pvk -cert 443.cert
This seemed to go off without a hitch. When I use the httpcfg -list command it gives me the thumbprint on the port.
When I navigate to the site using https however it just comes back with SSL Connection Error - as if it doesn't even know there is a certificate registered.
When I go to my site with :443 --- it works --- but using HTTPS gives SSL Connection Error. So 443 is open - just not secured.
Shouldn't I have to register the certificate locations somewhere in the configs?????
Please excuse my bluntness - I am used to working with Apache2 and Mono is a little strange for me.
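
The symptom described in the post above (port 443 answers, but https:// fails with "SSL Connection Error") can be confirmed by checking whether the listener completes a TLS handshake or answers cleartext HTTP instead. The following is an added example, not part of the original thread or ScreenConnect's own tooling; `probe_listener` and `start_plain_listener` are hypothetical names, and the local listener is a constructed fixture so the check runs offline.

```python
import socket
import ssl
import threading


def probe_listener(host, port, timeout=3.0):
    """Return 'tls', 'plain-http', 'closed' or 'unknown' for a TCP listener."""
    # Step 1: attempt a TLS handshake. Certificate validation is disabled
    # because the only question is whether the port speaks TLS at all.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except (ssl.SSLError, ConnectionResetError, socket.timeout):
        pass  # no completed handshake; check for cleartext next
    except OSError:
        return "closed"  # refused or unreachable
    # Step 2: on a fresh connection, see whether it answers cleartext HTTP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            reply = raw.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if reply.startswith(b"HTTP/") else "unknown"


def start_plain_listener():
    """Constructed fixture: cleartext responder on an ephemeral local port."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.recv(4096)
                    conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")
                except OSError:
                    pass  # client hung up mid-exchange

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plain_listener()
    print("constructed cleartext listener:", probe_listener("127.0.0.1", port))
```

A result of `plain-http` on the HTTPS port means the web server is bound to that port without the certificate in effect, so logins to it would still travel unencrypted.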

Rank: Member Medals: Joined: 4/15/2014(UTC) Posts: 18 Location: Hamilton
Please note I typed the above out quickly. I have done this over and over again several dozen times so a typo isn't really a factor... --- it feels to me like I am missing a step (or steps).
PLEASE HELP!!! Thank you in advance.

Rank: Guest Medals: Joined: 3/25/2014(UTC) Posts: 226
pcheroes, we might need to get a session going to get a closer look. Please email us at support@screenconnect.com and reference this forum post. Thank you

Rank: Newbie Joined: 5/29/2015(UTC) Posts: 1 Location: Central
Greetings Everyone, I just got my new NEO yubikey today! It was really easy to configure to get it to work with the interface of ScreenConnect via a computer. Now at my job sometimes it requires me to use my phone to access screenconnect. Since my account is setup to use the yubikey, I had to find a way using NFC to get the generated OTP into the application. So here is what I did, simplified.

*Pre-assuming that you have the screen connect app already configured*
0) Make sure that NFC is turned on
1) Go to the App Store and download yubiclip
2) Go to the Screen Connect App
3) Login with credentials
4) When asked for the OTP, touch NEO to your device
5) Select to complete action using YubiClip
6) Long press the OTP field and Paste
7) Log in. You should now be seeing your screen connect site.

Edited by user Friday, May 29, 2015 6:15:04 PM(UTC)
Reason: mention NFC