https://communities.sas.com/t5/Administration-and-Deployment/SSL-Deployment-Agent-config-question-prior-to-install/m-p/237213#M3670 <P>A source of mine writes:</P> <P>&nbsp;</P> <P style="margin: 0in 0in 0pt;"><SPAN style="color: rgb(31, 73, 125);"><FONT face="Calibri" size="3">There is a difference between these two types of connections (Web Server connections and Agent connections), and it would be best if they considered them independently within their security infrastructure.</FONT></SPAN></P> <P style="margin: 0in 0in 0pt;"><SPAN style="color: rgb(31, 73, 125);"><FONT face="Calibri" size="3">&nbsp;</FONT></SPAN></P> <P style="margin: 0in 0in 0pt;"><SPAN style="color: rgb(31, 73, 125);"><FONT face="Calibri" size="3">Given that the connections between the SAS Deployment Agents are internal only connections, they can do whatever they want (set up certificates or not), however, I personally do not think it is a good practice to allow something like the SAS Deployment Agent to remain insecure. It’s basically an API that can execute anything you want on a remote machine. In general, we recommend that the Deployment Agent and the EV Agents be secured using our generated certificates regardless of what they intend to do with external network connections.</FONT></SPAN></P> Tue, 01 Dec 2015 21:11:05 GMT gregraka 2015-12-01T21:11:05Z https://communities.sas.com/t5/Administration-and-Deployment/SSL-Deployment-Agent-config-question-prior-to-install/m-p/174395#M2227 <HTML><HEAD></HEAD><BODY><P>When doing a SSL - we only want the web server SSL the SAS Applications like IDP, WRS and STP Web Server.</P><P></P><P>Hence for the section of the SAS 9.4 install/config guide, Implement Certificates for SAS Deployment Agent, will not apply, correct? only 'Certificates for Web Server' section. Correct?</P><P></P><P>Thanks for any help on this,</P><P></P><P>jp</P></BODY></HTML> Mon, 17 Nov 2014 16:40:18 GMT https://communities.sas.com/t5/Administration-and-Deployment/SSL-Deployment-Agent-config-question-prior-to-install/m-p/174395#M2227 jplarios 2014-11-17T16:40:18Z https://communities.sas.com/t5/Administration-and-Deployment/SSL-Deployment-Agent-config-question-prior-to-install/m-p/237213#M3670 <P>A source of mine writes:</P> <P>&nbsp;</P> <P style="margin: 0in 0in 0pt;"><SPAN style="color: rgb(31, 73, 125);"><FONT face="Calibri" size="3">There is a difference between these two types of connections (Web Server connections and Agent connections), and it would be best if they considered them independently within their security infrastructure.</FONT></SPAN></P> <P style="margin: 0in 0in 0pt;"><SPAN style="color: rgb(31, 73, 125);"><FONT face="Calibri" size="3">&nbsp;</FONT></SPAN></P> <P style="margin: 0in 0in 0pt;"><SPAN style="color: rgb(31, 73, 125);"><FONT face="Calibri" size="3">Given that the connections between the SAS Deployment Agents are internal only connections, they can do whatever they want (set up certificates or not), however, I personally do not think it is a good practice to allow something like the SAS Deployment Agent to remain insecure. It’s basically an API that can execute anything you want on a remote machine. In general, we recommend that the Deployment Agent and the EV Agents be secured using our generated certificates regardless of what they intend to do with external network connections.</FONT></SPAN></P> Tue, 01 Dec 2015 21:11:05 GMT https://communities.sas.com/t5/Administration-and-Deployment/SSL-Deployment-Agent-config-question-prior-to-install/m-p/237213#M3670 gregraka 2015-12-01T21:11:05Z