Generate a Certificate
SysTrack provides two options for generating certificates: a SysTrack-generated self-signed certificate, or an alternative user-generated certificate.
Generated Self-Signed Certificate
To generate a SysTrack self-signed certificate, select the Configure IIS TLS for the Default Web Site option in the IIS TLS Configuration section of the dialog during the Web Services installation. This will create, install, and configure a new SHA256 2048-bit certificate which expires in three years.
Important considerations:
-
IIS bindings are automatically created with this option.
-
The certificate must be exported from the SysTrack master server and imported into each client endpoint. For more information, see the Master to Endpoint Certificate Migration section of the SysTrack Agent Deployment Guide.
-
IIS and SSRS bindings need to be manually configured to utilize the certificate.
-
For an example of GPO-based certificate distribution, see Microsoft’s Distribute Certificates to Client Computers by Using Group Policy article.
-
For an example of manual certificate import, see Microsoft’s Installing the trusted root certificate article.
NOTE: To maintain STIG compliance when selecting either of the Configure IIS TLS options, you must complete the Web Services Host Name field and enter the Web Services IP followed by :443 in the Web Services IP field.
Certificate Generation
Use a Domain CA
-
The certificate should be part of an existing trusted certificate chain.
-
Endpoints need to be domain-joined to recognize the certificate/chain.
-
IIS and SSRS bindings need to be manually configured to utilize the certificate.
-
For an example of requesting and issuing a certificate for IIS, see Microsoft’s How to Set Up SSL on IIS 7 article.
Use a Purchased Certificate
-
The certificate needs to be purchased and available prior to SysTrack installation.
-
IIS and SSRS bindings need to be manually configured to utilize the certificate.
Manual certification is allowed.
On This Page