Re: SSL Deployment Agent config question prior to install

jplarios · Posted 11-17-2014 11:40 AM

When doing a SSL - we only want the web server SSL the SAS Applications like IDP, WRS and STP Web Server.

Hence for the section of the SAS 9.4 install/config guide, Implement Certificates for SAS Deployment Agent, will not apply, correct? only 'Certificates for Web Server' section. Correct?

Thanks for any help on this,

jp

gregraka · Posted 12-01-2015 12:27 PM

A source of mine writes:

There is a difference between these two types of connections (Web Server connections and Agent connections), and it would be best if they considered them independently within their security infrastructure.

Given that the connections between the SAS Deployment Agents are internal only connections, they can do whatever they want (set up certificates or not), however, I personally do not think it is a good practice to allow something like the SAS Deployment Agent to remain insecure. It’s basically an API that can execute anything you want on a remote machine. In general, we recommend that the Deployment Agent and the EV Agents be secured using our generated certificates regardless of what they intend to do with external network connections.