EcoStruxure IT forum
Schneider Electric support forum about installation and configuration for DCIM including EcoStruxure IT Expert, IT Advisor, Data Center Expert, and NetBotz
Posted: 2020-05-27 07:36 PM
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-05-27 07:36 PM
Hello DCIM support team,
Does the ITO support SSL certificates? How can I do to upload or configure the SSL certificate in the ITO Server?
The IT security department request that all servers in the data center must to have SSL certificates and the ITO does not have any.
Does the SSL certificate upload directly in the ITO server or it should to upload in the Windows Server?
Thanks a lot for your feedback.
Regards,
Luis Lopez - FSR from SE Costa Rica
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-06-01 08:03 AM
Hello Luis
The ITO software was not configured to allow customers to upload their own SSL certificates to the application. The certificate handling in ITO is built into the app and was not designed to be customized.
However, access to the actual ITO server can be quite limited as only the DCO/ITA server actually needs access to its web server which is exposed on port 8090 (by default). The discovery and polling connections it makes to servers are initiated outbound from the ITO server. The only inbound connections "should" be from the DCO/ITA server.
So I have seen customers isolate access to the web service via windows firewall to mitigate SSL certificate concerns.
Regards
Greg Sterling
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-06-01 08:03 AM
Hello Luis
The ITO software was not configured to allow customers to upload their own SSL certificates to the application. The certificate handling in ITO is built into the app and was not designed to be customized.
However, access to the actual ITO server can be quite limited as only the DCO/ITA server actually needs access to its web server which is exposed on port 8090 (by default). The discovery and polling connections it makes to servers are initiated outbound from the ITO server. The only inbound connections "should" be from the DCO/ITA server.
So I have seen customers isolate access to the web service via windows firewall to mitigate SSL certificate concerns.
Regards
Greg Sterling
Link copied. Please paste this link to share this article on your social media post.
Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.