Kat  
#1 Posted : Tuesday, February 5, 2013 4:38:27 PM(UTC)
Here at ScreenConnect HQ we've been working on a little script to automate functions that we couldn't normally add to a web-based program. All you need to do is run the .exe for the script.

Requirements:
-Windows Server 2008 R2 and later
-ScreenConnect installed

Before you get started:
-Read our SSL documentation
-Back up your web.config file
-Run the script as an administrator


Download the ScreenConnect SSL Configurator


*Last updated 10/13/15

Edited by user Tuesday, October 13, 2015 2:40:14 PM(UTC)  | Reason: Script has been moved to http://help.screenconnect.com

ScreenConnect Team
Mc128k  
#2 Posted : Tuesday, May 7, 2013 4:07:47 PM(UTC)
Hi
What about a self signed certificate? I just need to encrypt the authentication process.
Reid  
#3 Posted : Monday, May 13, 2013 7:36:31 AM(UTC)
The problem with a self-signed cert is that you have to make the client browsers trust it; otherwise ClickOnce deployment will likely fail. As long as you get a browser security warning, ClickOnce is going to have a problem deploying the client.
ScreenConnect Team
Mc128k  
#4 Posted : Sunday, May 19, 2013 8:28:31 AM(UTC)
This is just for not sending credentials in cleartext. Is there another way? I only need it for the host console for security purposes.

Thank you.
Chris@Taieri  
#5 Posted : Tuesday, May 21, 2013 5:33:06 AM(UTC)
Is it just me or are the above links broken? All I get is a warning "Please do not link directly to this resource. You must have a session in the forum."
Sean  
#6 Posted : Tuesday, May 21, 2013 12:12:49 PM(UTC)
They appear to be working from our side. Can you try again?
ScreenConnect Team
Sean  
#7 Posted : Tuesday, May 21, 2013 12:16:58 PM(UTC)
Mc128k wrote:
This is just for not sending credentials in cleartext. Is there another way? I only need it for the host console for security purposes.

Thank you.


All data passing between host and guest systems is fully encrypted and protected from unauthorized access. This includes all screen data, file transfers, key strokes, and chat messages. ScreenConnect employs a 256 bit AES encryption algorithm, similar to that used by many banking and government institutions.

Although ScreenConnect encrypts all Relay session traffic by default, the Web Server HTTP traffic is not encrypted unless configured with SSL. There's really not a way to SSL/secure just the Login process without securing the entire website. Though this is something that we are looking into.

Edited by moderator Tuesday, May 21, 2013 12:40:51 PM(UTC)  | Reason: Not specified

ScreenConnect Team
Chris@Taieri  
#8 Posted : Wednesday, May 22, 2013 5:11:21 AM(UTC)
Sean wrote:
They appear to be working from our side. Can you try again?


Working for me now. Not sure what happened there!!
Kat  
#9 Posted : Tuesday, July 9, 2013 2:59:41 PM(UTC)
Script has been updated!
ScreenConnect Team
stevenleeconsulting  
#10 Posted : Friday, November 22, 2013 12:09:47 PM(UTC)
Your ScreenConnect SSL Configurator utility may be what I'm looking for.

Currently I have a single external static IP address with an IIS7 web server on Windows Server 2008 R2. I just got a cert from a certificate authority, http://www.startssl.com/, for free by the way.

I already have a website and I'm using port 443 bound to all local IPs.

Both HTTP and HTTPS requests are working on the website, e.g. http://mysite and https://mysite on 443.

I'd like to use the same cert on port 8040 to secure those sessions as well for ScreenConnect. e.g. https://mysite:8040. Will this utility do this?

I've looked at http://help.screenconnect.com/HOWTO-0004.ashx. It seems a bit Greekish to me.

Aside from running the utility, do I need to do anything else to prepare for it? I really don't want to break my existing IIS website, or the SSL function on that site.
kisingercampo  
#11 Posted : Thursday, January 30, 2014 9:16:09 PM(UTC)
I have a question which I have been unable to find the answer to in the various posts on the topic including this. It seems that once the SSL cert has been created and bound and the webconfig has been altered to have the webserver listen on port 443 then the relay cannot also run on port 443? Is this correct and if so what is the recommended solution? After following the procedure I seem to only be able to get either the relay service which I had previously changed in the webconfig to port 443 or the webserver service to run once it is changed from 80 which I had previously edited to be to 443 via the configurator. I understand that the relay is encrypted and for internal use I was fine with leaving the webserver on 80 and relay on 443 but for potential meetings with clients, etc. many would be hesitant to go to a site not using SSL so I wanted to change it to avoid this potential issue.

Thanks in advance for the heads up.
bigdessert  
#12 Posted : Saturday, February 1, 2014 12:40:22 AM(UTC)
Originally Posted by: kisingercampo
I have a question which I have been unable to find the answer to in the various posts on the topic including this. It seems that once the SSL cert has been created and bound and the webconfig has been altered to have the webserver listen on port 443 then the relay cannot also run on port 443? Is this correct and if so what is the recommended solution? After following the procedure I seem to only be able to get either the relay service which I had previously changed in the webconfig to port 443 or the webserver service to run once it is changed from 80 which I had previously edited to be to 443 via the configurator. I understand that the relay is encrypted and for internal use I was fine with leaving the webserver on 80 and relay on 443 but for potential meetings with clients, etc. many would be hesitant to go to a site not using SSL so I wanted to change it to avoid this potential issue.

Thanks in advance for the heads up.


You can leave relay on 80 (it is encrypted anyway) and put your web on 443. Where things get tricky is if you also want to have port 80 for web with a redirect.

farewelldave  
#13 Posted : Friday, February 7, 2014 3:13:09 PM(UTC)
We are using StartSSL for secondary SSL certificates, etc. However, this tool uses MD5 hashes for generating the CSR, and StartSSL only will support SHA1 or better.

Can this be modified with the current tool using a command line argument? I have a trial account right now, but am uncomfortable with non-SSL for technicians logging into the product with their AD accounts.

UPDATE 2/25/2014: What I did was utilize our Certificate Authority's SSL Generation tool to generate both a Private key and a Public key for our domain. After that, I found a thread about how to secure both the "Web Interface" and the "Relay" services. See more here

Edited by user Tuesday, February 25, 2014 10:36:54 PM(UTC)  | Reason: Adding link to forum post for my resolution method.
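
An added example (not from the post above and not part of the ScreenConnect tool) for checking which hash a CSR was signed with before submitting it to a CA, by reading the signatureAlgorithm OID out of the PKCS#10 structure. The sample requests are constructed skeletons, all function names are assumptions, and treating SHA-1 as weak is an assumption that goes beyond what the post says.

```python
import base64

# Treating SHA-1 as weak is an added assumption; the post above only mentions MD5.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
}

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                     # base-128 digits; high bit means more follow
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def csr_signature_algorithm(pem):
    """Return (name, acceptable) for the signature algorithm of a PEM PKCS#10 CSR."""
    der = base64.b64decode("".join(l for l in pem.splitlines() if not l.startswith("-----")))
    _, start, _ = read_tlv(der, 0)                 # CertificationRequest SEQUENCE
    _, _, info_end = read_tlv(der, start)          # skip certificationRequestInfo
    _, alg_start, _ = read_tlv(der, info_end)      # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_ALGS.get(oid, ("unknown OID " + oid, False))

def tlv(tag, content):                             # minimal DER encoder for the sample
    n, k = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + content

def constructed_csr(oid_hex):     # constructed skeleton: placeholder info, zeroed signature
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    der = tlv(0x30, tlv(0x30, tlv(0x02, b"\x00")) + alg + tlv(0x03, bytes(257)))
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{b64}-----END CERTIFICATE REQUEST-----\n"

MD5_CSR = constructed_csr("2a864886f70d010104")     # 1.2.840.113549.1.1.4
SHA256_CSR = constructed_csr("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
```

To check a real request, pass the contents of the .csr file to csr_signature_algorithm() in place of the constructed samples.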

pocketfuzz  
#14 Posted : Tuesday, February 25, 2014 10:16:31 PM(UTC)
Quote:
All data passing between host and guest systems is fully encrypted and protected from unauthorized access. This includes all screen data, file transfers, key strokes, and chat messages. ScreenConnect employs a 256 bit AES encryption algorithm, similar to that used by many banking and government institutions.

Although ScreenConnect encrypts all Relay session traffic by default, the Web Server HTTP traffic is not encrypted unless configured with SSL. There's really not a way to SSL/secure just the Login process without securing the entire website. Though this is something that we are looking into.



Does "fully encrypted" also apply to the new VoIP feature in version 4.1?
jjrbg  
#15 Posted : Thursday, March 13, 2014 9:55:13 AM(UTC)
Downloaded latest version of SC (v4.2), and running on Ubuntu Server 12.04.

Generated an external CA validated certificate, by using the ScreenConnect SSL Configurator.

I've extracted the tarball, but there is no httplistener directory to extract the certificate and private key into. The path only contains "certs" or "keypairs". I've tried installing it using:

Code:
httpcfg -add -port 443 -cert 443.cer -pvk 443.pvk


Still no joy. I just get "SSL connection error" in Chrome.

Any ideas? Has the process changed from SC v4.1 to v4.2?
Kat  
#16 Posted : Wednesday, March 19, 2014 2:06:29 PM(UTC)
There should be no change in the directory for 4.2. If you don't see the httplistener directory, just create it.
ScreenConnect Team
pcheroes  
#17 Posted : Tuesday, April 15, 2014 11:46:34 PM(UTC)
Hey there. I have the same issue. Firstly there was no httplistener directory so I created it - copying the 443.pvk and 443.

I made the changes to the web.config file as suggested.

I navigated to the httplistener directory then ran -

httpcfg -add -port 443 -pvk 443.pvk -cert 443.cert

This seemed to go off without a hitch. When I use the httpcfg -list command it gives me the thumbprint on the port.

When I navigate to the site using https however it just comes back with SSL Connection Error - as if it doesn't even know there is a certificate registered.

When I go to my site with :443 --- it works --- but using HTTPS gives SSL Connection Error. So 443 is open - just not secured.

Shouldn't I have to register the certificate locations somewhere in the configs?????

Please excuse my bluntness - I am used to working with Apache2 and Mono is a little strange for me.
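
A way to check the situation described in the post above (port 443 reachable but not secured), as an added example that is not part of the original posts or of ScreenConnect: it reports whether a port completes a TLS handshake or answers a cleartext HTTP request instead. The function name and the default host and port are assumptions.

```python
import socket
import ssl
import sys

def probe_port(host, port, timeout=3.0):
    """Classify a listener as 'tls', 'plaintext-http', 'other' or 'closed'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # the question is only whether TLS is spoken,
    ctx.verify_mode = ssl.CERT_NONE   # not whether the certificate is trusted
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:                   # SSLError, reset or timeout: no TLS handshake
        raw.close()
    # Second connection: does the same port answer a cleartext HTTP request?
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            first = plain.recv(16)
    except OSError:
        return "other"
    # 'other' includes a TLS stack too old for this client's minimum protocol version.
    return "plaintext-http" if first.startswith(b"HTTP/") else "other"

if __name__ == "__main__":
    # Assumed defaults for illustration: the local machine, port 443.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe_port(host, port))
```

A result of plaintext-http on 443 means the listener was moved to that port without a certificate binding taking effect, so logins sent to it are not encrypted.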
pcheroes  
#18 Posted : Tuesday, April 15, 2014 11:47:45 PM(UTC)
Please note I typed the above out quickly. I have done this over and over again several dozen times so a typo isn't really a factor... --- it feels to me like I am missing a step (or steps).

PLEASE HELP!!! Thank you in advance.
John  
#19 Posted : Thursday, April 17, 2014 3:50:53 PM(UTC)
pcheroes, we might need to get a session going to get a closer look. Please email us at support@screenconnect.com and reference this forum post.

Thank you
BArnold  
#20 Posted : Friday, May 29, 2015 6:12:50 PM(UTC)
Greetings Everyone,

I just got my new NEO YubiKey today! It was really easy to configure to get it to work with the interface of ScreenConnect via a computer. Now at my job sometimes it requires me to use my phone to access ScreenConnect. Since my account is set up to use the YubiKey, I had to find a way using NFC to get the generated OTP into the application. So here is what I did, simplified.

*Pre-assuming that you have the ScreenConnect app already configured*

0) Make sure that NFC is turned on
1) Go to the App Store and download YubiClip
2) Go to the ScreenConnect app
3) Log in with credentials
4) When asked for the OTP, touch NEO to your device
5) Select to complete action using YubiClip
6) Long press the OTP field and Paste
7) Log in.

You should now be seeing your ScreenConnect site.

Edited by user Friday, May 29, 2015 6:15:04 PM(UTC)  | Reason: mention NFC
