logo

The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.

Notification

Icon
Error

Options
Go to last post Go to first unread
mwhalenhtc  
#1 Posted : Wednesday, January 27, 2016 6:00:39 PM(UTC)
mwhalenhtc


Rank: Newbie

Joined: 1/27/2016(UTC)
Posts: 2
United States
Location: Texas

Hello,

I am currently migrating our Labtech server to SSL. I'm going for a dead-simple SSL setup in that I've taken our primary Labtech URL and bought a cert for it. So, what was labtech.mycompany.com (for instance) is now https://labtech.company.com. Our LT Agents are connecting over SSL now. That cert is installed in IIS.

I'd like to convert ScreenConnect to SSL as well. Currently SC speaks in-the-clear over port 8040.

I have been reading this document -- http://help.screenconnect.com/Piggybacking_off_existing_SSL_certificate -- and the linked changing default ports document.

This sentence trips me up:

Quote:
To use the SSL protocol to transmit web traffic securely, install an SSL certificate and use port 443, which allows users to use the HTTPS prefix.


It seems to imply that I need to use 443 for SSL connections.

Would there be any problem with adjusting the web.config from :

Quote:
<add key="WebServerListenUri" value="http://+:8040/" />


to :

Quote:
<add key="WebServerListenUri" value="https://+:8040/" />


Thanks everyone,

Mike...


---

EDIT: I think I found what I needed to do.

I needed to BIND the existing SSL cert via netsh. Then I needed to change the WebServerListenUri to https://

Is there any benefit to changing the relay URI to https?

Edited by user Wednesday, January 27, 2016 6:49:28 PM(UTC)  | Reason: Added new information

Scott  
#2 Posted : Wednesday, January 27, 2016 8:26:27 PM(UTC)
Scott


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,862
United States

Thanks: 3 times
Was thanked: 351 time(s) in 303 post(s)
Quote:
EDIT: I think I found what I needed to do.
I needed to BIND the existing SSL cert via netsh. Then I needed to change the WebServerListenUri to https://


Glad to hear it, although usually with piggybacking we see URL pathing (https://stuff.domain.com/screenconnect/) or something similar.

Quote:
Is there any benefit to changing the relay URI to https?

The relay traffic is encrypted by default and cannot run over https anyways, at least not without a significant amount of refactoring being done.
ScreenConnect Team
mwhalenhtc  
#3 Posted : Thursday, January 28, 2016 1:56:51 AM(UTC)
mwhalenhtc


Rank: Newbie

Joined: 1/27/2016(UTC)
Posts: 2
United States
Location: Texas

Originally Posted by: Scott Go to Quoted Post
Quote:
EDIT: I think I found what I needed to do.
I needed to BIND the existing SSL cert via netsh. Then I needed to change the WebServerListenUri to https://


Glad to hear it, although usually with piggybacking we see URL pathing (https://stuff.domain.com/screenconnect/) or something similar.


I did find later on that one of the checks was failing. I altered the URI to make it more explicit.

Is there a problem with doing it the way I've done?

Originally Posted by: Scott Go to Quoted Post
Quote:
Is there any benefit to changing the relay URI to https?

The relay traffic is encrypted by default and cannot run over https anyways, at least not without a significant amount of refactoring being done.


Yeah, that's what I gathered. I decided to leave it alone. :-)

RGgusnowski  
#4 Posted : Friday, February 5, 2016 2:10:59 AM(UTC)
RGgusnowski


Rank: Advanced Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 4/22/2014(UTC)
Posts: 97
Canada
Location: Edmonton

Was thanked: 7 time(s) in 6 post(s)
The SC connections are already encrypted, so while using an SSL Cert and an "HTTPS://" connections looks better, it really isn't necessary.

Based on some of the posts here, there may be some performance issues using SSL.
MannyTC  
#5 Posted : Friday, February 5, 2016 1:28:45 PM(UTC)
MannyTC


Rank: Advanced Member

Medals: Bug Buster Level One: Spoon!Level 3: Shirt off your back! Received 25 Thanks!

Joined: 2/19/2015(UTC)
Posts: 262
United States
Location: AZ

Thanks: 6 times
Was thanked: 52 time(s) in 45 post(s)
Originally Posted by: RGgusnowski Go to Quoted Post
The SC connections are already encrypted, so while using an SSL Cert and an "HTTPS://" connections looks better, it really isn't necessary.

Based on some of the posts here, there may be some performance issues using SSL.


To be clear for others, the SC web server connections are NOT encrypted by default, only the relay connections are. An SSL Cert and connecting to https://yourscreenconnectserver.com are necessary if you do not want your login information and other data accessible in a non-encrypted state.

Edited by user Friday, February 5, 2016 1:31:30 PM(UTC)  | Reason: Not specified

Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.