Skip to main content
Matrix42 Self-Service Help Center

EM Communication Encryption

As of version 7.3, communication between all Enterprise Manager components is encrypted using the TLS 1.2 standard. Therefore it is absolutely necessary that the Enterprise Manager Server and the Enterprise Manager Distribution Point run in the same version and that the communication works via https. The communication to the agents also works to the previous versions 7.x and 6.x via the old unencrypted port. In order to ensure encrypted and constant communication, a certificate is automatically stored and installed in the local certificate store on each computer object for each component. This works in detail for the individual components as follows:

Enterprise Manager Server

Installs or update Enterprise Manager Server version 7.3 or later. Automatically creates a certificate on the computer object under "Personal" and "Trusted Root Certification  Authorities". The naming convention is always as follows name: %local computer name%, expiration date: "in 30 years", friendly name: "Matrix42 Enterprise Manager Server".

Zertifikatsstore.JPG

If the certificate is deleted by an administrator, then after a restart of services the system checks whether the certificate is available and if necessary installs it again.

In addition to the certificate, new incoming rules for the new communication (port) are automatically stored in the local firewall. These are identified by the name "Matrix42 Enterprise Manager Server Https". 

inbound rules.JPG

The https communication port can of course be adapted and changed in the web console. Here another port has been added to the EM Server settings page.

EM Server config.JPG

Enterprise Manager Distribution Point

Installs or update Enterprise Manager DP version 7.3 or later. Automatically creates a certificate on the computer object under "Personal" and "Trusted Root Certification  Authorities". The naming convention is always as follows name: %local computer name%, expiration date: "in 30 years", friendly name: "Matrix42 Enterprise Manager DP".

Zertifikatsstore.JPG

It is important that the EM DP and EM Server in version 7.3 have the same installed version so that the communication can function correctly!

If the certificate is deleted by an administrator, then after a restart of services the system checks whether the certificate is available and if necessary installs it again.

 In addition to the certificate, new incoming rules for the new communication (port) are automatically stored in the local firewall. These are identified by the name "Matrix42 Enterprise Manager DP Https".

inbound rules.JPG

The https communication port can of course be adapted and changed during installation and in the web console. Another port has been added to the web console under Distribution Point editing.

DP Port.JPG

Enterprise Manager Agent

Installs or update Enterprise Manager Agent version 7.3 or later. Automatically creates a certificate on the computer object under "Personal" and "Trusted Root Certification  Authorities". The naming convention is always as follows name: %local computer name%, expiration date: "in 30 years", friendly name: "Matrix42 Enterprise Manager Agent".

Zertifikatsstore.JPG

A certificate is also installed and stored on each terminal device where the EM Agent is installed.

If the certificate is deleted by an administrator, then after a restart of services the system checks whether the certificate is available and if necessary installs it again.

  In addition to the certificate, new incoming rules for the new communication (port) are automatically stored in the local firewall. These are identified by the name "Matrix42 Enterprise Manager Agent Https".

inbound rules.JPG

The https communication port can of course be adapted and changed during installation. 

  • Was this article helpful?