How to access five(9)s Console using HTTPS

Modified on Thu, 06 Jul 2023 at 01:08 PM

Technical Background

The five(9)s Console can be accessed using HTTPS without any additional configuration. However, you might get a certificate error like on Ivantis own Web-console (https://yourCoreServer/remote):

This is due the fact, that the EPM Core creates a “self-signed” certificate during installation. This certificate will be used for SSL-based communication to Ivanti components over Microsoft Internet Information Server. Unfortunately, only one single certificate can be used per IP address of the core server.

What you can do:

Option A: adding the existing self-signed Certificate of the core server:

A) to your enterprise certificate store for distribution over GPO (recommended)

B) distribute the certificate to your machines, adding it to the Trusted Root Certification Authorities by script.

Please Note: this only works if you are using the full DNS name of the server (the hostname or DNS alias will cause the warning again).

How to get the right certificate for distribution (using self-signed)

If you followed the instructions to add your own offical certificate to the core server you already have the necessary file. If you plan to publish the existing Ivanti core server certificate to your devices, follow the steps below:

On your EPM Core open the Internet Information Server, select the Default Website, perform a right mouseclick and select Edit Bindings:

Select HTTPS and click Edit:

Click on View... of the LANDESK Secure Token Server certificate

Click on Copy to File… and follow the wizard keeping all default settings.

Import your own official certificate (optional)

Please Note: Perform a backup of your core server before you proceed.

Option B Install own Certificate:

If you need to import your own official certificate for use over IIS, open the IIS

1) Select Server -> Server Certificates

2) Right-Click into the Certificate list -> Import...

3) Select pfx, and add to Personal Store

You imported certificate should be visible in the list afterwards.

How to bind your own certificate to Default Website on IIS

Open Internet Information Services on your core server, navigate to Sites -> Default Web Site, perform a right mouseclick and choose Edit Bindings. Select HTTPS and Edit...

Choose your imported certificate from the list of SSL certificates and close the leave with OK and Close.

Using own DNS Alias When using an DNS Alias to access the EPM server, like console.company.com ensure the DNS alias is also listed in the Subject Alternative Name (SAN) of the Certificate. Furthermore, you need to add some callback urls, please follow this Ivanti documentation To be able to use the Ivanti Web Console 2.0 with your own DNS Alias, it is also required to enable "Windows Authentication for the Web Application "WebConsoleAPI"

After all this steps, the Username/Passwort Authentification is working with Ivantis Console.

Unfortunately the Alternative Authentication "windows" is not working yet. If you like to use single sign on, you better stick to the five(9)s Console :)

Document information

Last Modified Date

02.05.2023

Verified versions

five(9)s Console version 4.7

Disclaimer

Even though every care has been taken by five(9)s GmbH to ensure that the information contained in this publication is correct and complete, it is possible that this is not the case. five(9)s GmbH provides the publication "as is", without any warranty for its soundness, suitability for a different purpose or otherwise. five(9)s GmbH is not liable for any damage which has occurred or may occur as a result of or in any respect related to the use of this publication. five(9)s GmbH may change or terminate this publication at any time without further notice and shall not be responsible for any consequence(s) arising there from. Subject to this disclaimer, five(9)s GmbH is not responsible for any contributions by third parties to this publication.