CA Client Automation

  • 1.  Securing ENC connections

    Posted Jun 23, 2020 12:26 PM
    Hello Folks.

    Is it possible to protect, maybe with certificates, the socket ports that we use and configured when implementing ENC?

    For example, if we use socket port 5000, we would like to make it more secure because it is exposed on the internet.

    Thanks in advance.

    Regards.


  • 2.  RE: Securing ENC connections
    Best Answer

    Broadcom Employee
    Posted Jun 24, 2020 08:52 AM

  • 3.  RE: Securing ENC connections

    Posted Oct 07, 2020 12:50 PM
    Hi Steve, 

    Is there any way to get ENC Tomcat working on HTTPS? We understand server and peer authentication using certificates, but the client wants to secure the URL that is exposed to the internet:

    http://myserver.mycompany.com/encServer/servlet/ClientServicesServlet

    to use:

    https://myserver.mycompany.com/encServer/servlet/ClientServicesServl

    We ran some tests in a controlled environment, but when Tomcat is configured to use a certificate we receive this error on remote PCs:

    Retrieving status information from ENC Client...
    Unable to register with Gateway Server myserver.mycompany.com

    Thanks in advance.

  • 4.  RE: Securing ENC connections

    Broadcom Employee
    Posted Oct 08, 2020 05:52 AM

    Hi Allan,

    ENC can use SSL directly (port 443) and making changes to Tomcat is not required, and as you have found out will break it.

    Rgds,

    Steve

  • 5.  RE: Securing ENC connections

    Posted Oct 08, 2020 08:19 PM
    Hi Steve, thanks for the answer.

    Then the only way to secure ENC is certificate authentication between peers? Is there any known vulnerability that can be exploited over default ports (80 / 443)?

    We have been reading the green book but there is no information about this.

    We appreciate your help.


  • 6.  RE: Securing ENC connections

    Broadcom Employee
    Posted Oct 09, 2020 04:17 AM

    Hi Allan,

    ENC was added to Client Automation over 10 years ago and since then I have not heard of any known security vulnerability.

    Rgds,

    Steve.