Support for mutual TLS on UNIX-like devices

FlexNet Manager Suite version 2021 R1.2
When clients (such as inventory devices where the FlexNet inventory agent is running) use the HTTPS protocol to communicate with servers (such as inventory beacons), their communication is authenticated using one of these forms of Transport Layer Security (TLS):
  • Standard (or 'single-sided') TLS, where the client validates a current certificate from the server
  • Mutual TLS, where the client still validates a server certificate, and, in addition, the server requires a valid certificate from the client.
This release adds mutual TLS support for UNIX-like inventory devices. Configuration currently requires settings added to the config.ini file that acts as a pseudo-registry on these platforms (start with the topic Agent Third-Party Deployment: Enabling the HTTPS Protocol on UNIX Agents in the Gathering FlexNet Inventory reference, available through the title page of online help or through docs.flexera.com). As well, the inventory beacon must be configured for mutual TLS, for which see the online help under Inventory Beacons > Local Web Server > Configuring Mutual TLS. Keep in mind that configuring an inventory beacon to require client certificates impacts all inventory devices that may attempt to communicate with it. For this reason, the decision to switch to mutual TLS is commonly a blanket decision affecting (minimally) a bounded segment of your corporate network. Inventory devices running Microsoft Windows already support mutual TLS; and this release adds support for UNIX-like devices, so that a global change-over is now manageable.

FlexNet Manager Suite (On-Premises)

2022 R1