Hello community,
I am working on the CEM concept in Altiris ITMS 8.0. First I need to forward the communication from HTTP to HTTPS.
I successfully installed the SSL certificate issued by our internal CA.I enabled the HTTPs codebase publishing for package servers. As far as I see only NS server published HTTPS basecodes. I am planning to add only 1 or 2 Site Severs to Internet Site.
I have some questions about settings for site servers as the manual does not talk about it clearly enough.
In 'Global Site Server Settings' there are 2 options in 'Certificate rollout' section.
For intranet certificate the default binding port is 444, for CEM certificate the binding port is 443.
In manual there only one sentence in regards to intranet certificate:'The intranet certificate is delivered to all site servers.'
It does not mention its purpose.
Questions I have are:
- If I redirect my agent to use HTTPS and enable publishing HTTPS basecodes, but I do not install the Intranet certificate, will my internal (non-CEM) clients be still able to download over HTTP or UNC ?
- If I redirect my agent to use HTTPS and enable publishing HTTPS basecodes, but I do install the CEM certificate, will my external (CEM) clients be able to download over HTTPS via gateway?
- Do I have to install the intranet certificate to all site servers ?
- Can I use the same port 443 for the intranet and CEM certificates ?
- Can I use the same certificate issued by my internal CA as master certificate to sign the intranet certificate ?
- Can I use the same certificate issued by my internal CA as CEM certificate ?
Since I am new to the certificate world, before I proceed with CEM concept I need to ensure that I fully understand all technical nuances.
Thanks in advance,
Tomasz