chomes  
#1 Posted : Tuesday, November 4, 2014 10:54:52 AM(UTC)
This is a two part request.

In the current state, if I want to use signed SSL certificates on my Linux machine for screen connect, I have to create them in Windows and then pass them over to my Linux box. I would like to be able to create these certificates on Linux without using a Windows machine, as I do not want to waste a sub domain on a Windows machine that I have no use for.

Another thing, I'd like to know if I use SSL can I still use the 8040 port instead of having to use the default 443 port?

Paul Moore  
#2 Posted : Tuesday, November 4, 2014 12:12:09 PM(UTC)
You can create TLS certificates on Linux already... using the "openssl" command.

You can use port 8040 with TLS.
ScreenConnect Reporting - Collects live & historical information including session times.
http://goo.gl/nrF3e9
dittobox  
#3 Posted : Tuesday, November 4, 2014 4:45:46 PM(UTC)
Originally Posted by: chomes
... I would like to be able to create these certificates on Linux without using a Windows machine as I do not want to waste a sub domain on a Windows machine that I have no use for...


Can you expound on what you mean? I created a CSR on a Windows computer using the batch script provided by Elsinore, purchased a cert, then packaged the signed cert on Windows again using the batch script. Then I transferred it via SFTP to my Linux machine, which has ScreenConnect on it. I had no need to create additional DNS domain records for any of it, certainly not the Windows computer I used to create the CSR.

chomes  
#4 Posted : Thursday, November 6, 2014 11:22:45 AM(UTC)
Originally Posted by: dittobox
Originally Posted by: chomes
... I would like to be able to create these certificates on Linux without using a Windows machine as I do not want to waste a sub domain on a Windows machine that I have no use for...


Can you expound on what you mean? I created a CSR on a Windows computer using the batch script provided by Elsinore, purchased a cert, then packaged the signed cert on Windows again using the batch script. Then I transferred it via SFTP to my Linux machine, which has ScreenConnect on it. I had no need to create additional DNS domain records for any of it, certainly not the Windows computer I used to create the CSR.



I want to make the csr request on my screen connect server along with installing it. I also want to use port 8040 with https.

The reason for this is that I already have an SSL certificate with my DNS domain of screen connect on it; it was made on a Linux server. Creating a CSR request on Windows means spending more money on buying a new SSL certificate just so the Windows server can create it.
Kat  
#5 Posted : Thursday, November 6, 2014 4:23:49 PM(UTC)
You can definitely generate the CSR from your Linux machine, that's not an issue at all. The issue is the private key. Mono wants the private key in an archaic Windows .PVK format. We can't get a correct .PVK file on a Linux machine, and so we have to create one using a Windows machine.

As for using port 8040 instead of 443, all you'll need to do is rename your private key and certificate files (443.pvk and 443.cer) in the /opt/screenconnect/App_Runtime/etc/.mono/httplistener folder to 8040.pvk and 8040.cer. Then just make sure your WebUriListen key in your web.config looks something like "https://+:8040" . Don't forget that "s"!
ScreenConnect Team
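
A consistency check for the layout described in the post above, as an added example that is not part of the original thread and not ScreenConnect's own code: it reads the listen URI from web.config and verifies that the httplistener folder holds matching `<port>.cer` and `<port>.pvk` files. The key name and file naming come from the post; the `appSettings`/`add` layout of web.config, the fallback to the scheme's default port, the PVK magic-number check and the private-key permission check are assumptions added here.

```python
import re, struct, tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

PVK_MAGIC = 0xB0B5F11E  # little-endian magic at the start of a PVK key file

def check_listener(web_config, listener_dir, key="WebUriListen"):
    """Return a list of problems; an empty list means the layout is consistent."""
    uri = next((a.get("value", "") for a in ET.parse(web_config).getroot().iter("add")
                if a.get("key") == key), None)
    if uri is None:
        return [f"{key} not found"]
    m = re.match(r"(https?)://[^/:]+(?::(\d+))?", uri)
    if not m:
        return [f"cannot parse {uri!r}"]
    # Assumption: with no explicit port, files are named after the scheme default.
    scheme, port = m.group(1), m.group(2) or ("443" if m.group(1) == "https" else "80")
    problems = []
    if scheme != "https":
        problems.append(f"{key} is {uri!r}, not https")
    pvk = Path(listener_dir) / f"{port}.pvk"
    for f in (pvk.with_suffix(".cer"), pvk):
        if not f.is_file():
            problems.append(f"missing {f.name}")
    if pvk.is_file():
        head = pvk.read_bytes()[:4]
        if len(head) < 4 or struct.unpack("<I", head)[0] != PVK_MAGIC:
            problems.append(f"{pvk.name} is not a PVK file")
        if pvk.stat().st_mode & 0o077:  # private key readable beyond its owner
            problems.append(f"{pvk.name} is accessible to group/other")
    return problems

def demo():
    """Constructed sample: files still named 443.* after moving to port 8040."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cfg = root / "web.config"
        cfg.write_text('<configuration><appSettings><add key="WebUriListen" '
                       'value="https://+:8040" /></appSettings></configuration>')
        (root / "443.cer").write_bytes(b"constructed placeholder")
        pvk = root / "443.pvk"
        pvk.write_bytes(struct.pack("<6I", PVK_MAGIC, 0, 1, 0, 0, 0))
        pvk.chmod(0o600)
        before = check_listener(cfg, root)
        (root / "443.cer").rename(root / "8040.cer")
        pvk.rename(root / "8040.pvk")
        return before, check_listener(cfg, root)

if __name__ == "__main__":
    print(demo())
```

On a real server, pass the installation's web.config and the httplistener folder named in the post to `check_listener`.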
chomes  
#6 Posted : Tuesday, December 23, 2014 10:05:56 AM(UTC)
Originally Posted by: Kat
You can definitely generate the CSR from your Linux machine, that's not an issue at all. The issue is the private key. Mono wants the private key in an archaic Windows .PVK format. We can't get a correct .PVK file on a Linux machine, and so we have to create one using a Windows machine.

As for using port 8040 instead of 443, all you'll need to do is rename your private key and certificate files (443.pvk and 443.cer) in the /opt/screenconnect/App_Runtime/etc/.mono/httplistener folder to 8040.pvk and 8040.cer. Then just make sure your WebUriListen key in your web.config looks something like "https://+:8040" . Don't forget that "s"!


Sorry for the late reply to this. I see, that's understandable. I'll make my SSL certificate on the Windows machine then; hopefully Mono development will allow this in the future.
donb  
#7 Posted : Thursday, April 2, 2015 1:34:57 PM(UTC)

How do I generate a PVK for a certificate that already exists?
Kat  
#8 Posted : Monday, April 6, 2015 7:31:59 PM(UTC)
Do you already have a key associated with that certificate? If so, it's just a matter of either using our Configurator tool (you can skip the CSR step) or using this PVK tool to convert your key: http://www.drh-consultancy.demon.co.uk/pvk.html.
ScreenConnect Team
Jeremy  
#9 Posted : Friday, April 17, 2015 12:19:25 PM(UTC)

You're better off just using nginx as a reverse proxy and proxying connections over the localhost interface. Mucking about with certificates in mono will leave you open to security vulnerabilities. Let me know if you need help with the config, you can shoot me an email at jeremy[at]schattenconsulting[dot]com.