ksnazel  
#1 Posted : Monday, August 11, 2014 4:19:48 PM(UTC)
I purchased a UCC SSL certificate from GoDaddy for my website, which is hosted with them. When I purchased the cert I asked that it be usable on my ScreenConnect server, which is hosted elsewhere, and I was assured the UCC would meet these requirements.

The cert has been created and is installed on the web server. When I keyed the cert I included the subdomain of my SC server, so it currently looks like this:
www.domain.com
domain.com
help.domain.com (This is my SC server)

Do I still use the SC configurator? If so, do I use the existing exported "cer" files keys from GoDaddy, or do I make a new CSR request? Not sure how to proceed. The SC installation is 4.4.7 on an Ubuntu server. I understand that with this current version of SC I don't have to worry about an NGINX proxy for the intermediate certificate.
Thank you very much.

Kat  
#2 Posted : Friday, August 15, 2014 3:31:10 PM(UTC)
You are likely going to need to use the script. Where you start depends on whether you used a private key when you generated that initial CSR. If you still have that private key handy, you can skip down to the step that packages your SSL files. If you don't have the private key, then unfortunately you're going to have to start by generating the CSR again.
ScreenConnect Team
ksnazel  
#3 Posted : Friday, August 15, 2014 7:44:02 PM(UTC)
Thanks Kat. I was using the wrong private key when I first attempted and thought it failed for another reason; I was chasing the wrong tail, so to speak.

I got it working but Chrome says the encryption is falling back to TLS 1.0. Is this a limitation of Mono or does Ubuntu need an update? Thank you for your help.
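
The two posts above turn on the same check: the private key must be the one behind the issued certificate (Kat's reply), and a mismatched key fails in a way that is easy to misread (ksnazel's reply). The script below is an added example, not part of the thread or of ScreenConnect's own script. It assumes the `openssl` command-line tool is installed; the function names are hypothetical, and the certificate and keys are throwaway files constructed with the placeholder names from the first post.

```shell
#!/bin/sh
# Added example: checks to run before packaging SSL files for the server.
# File names and the demo certificate are constructed for illustration.

# Return 0 only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the certificate ($1) lists host ($2) as an exact DNS
# subjectAltName entry (wildcard entries are not expanded here).
cert_covers_host() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# Build a throwaway self-signed certificate with the three names from the
# post, its matching key, and an unrelated key. Prints the directory.
make_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = www.domain.com
[ext]
subjectAltName = DNS:www.domain.com, DNS:domain.com, DNS:help.domain.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/req.cnf" \
        -keyout "$d/right.key" -out "$d/ucc.crt" 2>/dev/null || return 1
    openssl genrsa -out "$d/wrong.key" 2048 2>/dev/null || return 1
    echo "$d"
}

demo=$(make_demo) || exit 1
for k in right.key wrong.key; do
    if key_matches_cert "$demo/ucc.crt" "$demo/$k"; then
        echo "$k: matches certificate"
    else
        echo "$k: does NOT match certificate"
    fi
done
cert_covers_host "$demo/ucc.crt" help.domain.com && echo "help.domain.com: covered"
rm -rf "$demo"
```

Against real files, call `key_matches_cert` with the issued certificate and the candidate key; a return code of 2 means one of the files could not be parsed at all.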
Kat  
#4 Posted : Thursday, August 21, 2014 4:57:10 PM(UTC)
That's a good question...let us do some testing and hopefully we'll have an answer next week.
ScreenConnect Team
Kat  
#5 Posted : Thursday, September 4, 2014 1:53:50 PM(UTC)
Sorry for the delay! It does look like Mono is supporting just up to TLS 1.0 for now. When we can add a version of Mono that will support TLS 1.2, we will do our best to implement it.
ScreenConnect Team
Bernie  
#6 Posted : Thursday, October 2, 2014 11:28:37 AM(UTC)
The issue at this point is that companies that comply with certain security standards might be forced to use products that already support TLS 1.2 by the end of 2014, because there are many known attacks against TLS 1.0.

The German BSI for example urgently recommends not to use TLS 1.0 starting with 2015. Is there any protection implemented against chosen-plaintext attacks in the current Mono web server implementation for instance (http://www.kb.cert.org/vuls/id/864643)? Every company that has to do vulnerability scans of publicly accessible services will get an urgent alert on TLS 1.0-only web servers sooner or later...and it would be a shame to have to shut down ScreenConnect just because of a missing TLS 1.2 implementation.
syebrex  
#7 Posted : Sunday, February 22, 2015 12:37:26 AM(UTC)
Originally Posted by: Bernie
The issue at this point is that companies that comply with certain security standards might be forced to use products that already support TLS 1.2 by the end of 2014, because there are many known attacks against TLS 1.0.

The German BSI for example urgently recommends not to use TLS 1.0 starting with 2015. Is there any protection implemented against chosen-plaintext attacks in the current Mono web server implementation for instance (http://www.kb.cert.org/vuls/id/864643)? Every company that has to do vulnerability scans of publicly accessible services will get an urgent alert on TLS 1.0-only web servers sooner or later...and it would be a shame to have to shut down ScreenConnect just because of a missing TLS 1.2 implementation.

Did this get resolved?