CheckServerCertificate

IT Asset Management (Cloud)

Command line | Registry

When transferring data to or from an inventory beacon using the HTTPS protocol, a web server certificate is applied to the data being transferred. All components can (and by default do) validate the public certificates received from the inventory beacon against their local copy (on Windows, in the certificate store; and on UNIX in the PEM file).

If you wish, you can use the CheckServerCertificate preference to prevent agents from performing the certificate check. (Without this check, the certificate is ignored, and the HTTPS protocol provides only encryption as security on the transfer, without validating that the agent is contacting the correct inventory beacon server.)

This preference also controls the signature and certificate validation for self-extracting EXE packages. Setting this preference to False will bypass the full validation of these packages, which can be useful in situations where package download failures occur due to inability to access validation resources.

You can set this as a common registry entry, so that the same behavior occurs across all components; and you can override the common behavior by setting an overriding registry entry for any individual component if required. By default, this preference is set so that all components check the inventory beacon server certificate against the root CA certificate.

Values

Values / range	Boolean (`True` or `False`)
Default value	`True` Enables full certificate validation for both HTTPS connections and self-extracting EXE packages.
Example values	`False` Disables certificate validation for both HTTPS connections and self-extracting EXE packages.

Values / range

Boolean (True or False)

Default value

True

Enables full certificate validation for both HTTPS connections and self-extracting EXE packages.

Example values

False

Disables certificate validation for both HTTPS connections and self-extracting EXE packages.

Command line

Tool	ndtrack, ndupload
Example	`-o CheckServerCertificate="False"`

Registry

Installed by	Manual configuration
Computer preference	`[Registry]\ManageSoft\Common` or `[Registry]\ManageSoft\<Component>\CurrentVersion` where `<Component>` is the registry key for an individual component. Note: In some circumstances, only the more specific path for a specific component works.

IT Asset Management (Cloud)

Current