Scope-IT / marksman

Windows agent for Snipe-IT asset management system
Apache License 2.0
132 stars 23 forks source link

HTTPS prevents marksman agent to communicate with Snipe-IT server #35

Open brunotvaz opened 4 years ago

brunotvaz commented 4 years ago

Hi Guys,

1st let me CONGRATULATE all of you for your hard work and dedication to this project. THANK YOU !! In relation to this particular issue: "Could not establish trust relationship for the SSL/TLS secure channel": marksman_ssl_error

Is it possible to "allow" self-signed certificates or somehow bypass the "ssl check" ?

Maybe this will help ???! https://dejanstojanovic.net/aspnet/2014/september/bypass-ssl-certificate-validation/ Bypass SSL certificate validation Many thanks in advance.

brunotvaz commented 4 years ago

My Snipe-IT server uses LDAP to "communicate" with my Active Directory Domain. For obvious reasons I do NOT want to allow unencrypted communications hence the use of SSL certificates. Please help me sort this issue so I can use this agent in a "production environment".

velaar commented 4 years ago

@brunotvaz

I wonder if you have considered establishing proper chain of certificates and trust the snipe-it server or just getting a 3rd party certificate trusted by windows. Making a certificate locally trusted should also resolve the issue, while it is an incorrect solution unless you have a local CA.

brunotvaz commented 4 years ago

Hi velaar,

Many thanks for your reply. I understand what you are saying but this is an internal server that doesn't have "exposure" to the internet. I could potentially open port 443 and forward it to the Snipe-IT server and then use Let'sEncrypt to generate a valid certificate. But that's exactly what I don't want to do since that would expose the server to the internet. I'll have a look into "updating" the self-signed certificate (that is currently on that server) to see if I can overcome the issue somehow. Again thank you for your assistance ;)