Skip to main content

Support for mutual TLS on UNIX-like devices

note

This feature is available with IT Asset Management.

When clients (such as inventory devices where the FlexNet inventory agent is running) use the HTTPS protocol to communicate with servers (such as inventory beacons), their communication is authenticated using one of these forms of Transport Layer Security (TLS):

  • Standard (or 'single-sided') TLS, where the client validates a current certificate from the server
  • Mutual TLS, where the client still validates a server certificate, and, in addition, the server requires a valid certificate from the client.

This release adds mutual TLS support for UNIX-like inventory devices. Configuration currently requires settings added to the config.ini file that acts as a pseudo-registry on these platforms (start with the topic Agent Third-Party Deployment: Enabling the HTTPS Protocol on UNIX Agents in the Gathering FlexNet Inventory reference. As well, the inventory beacon must be configured for mutual TLS, for which see the Flexera One Help in the Configuring Mutual TLS topic. Keep in mind that configuring an inventory beacon to require client certificates impacts all inventory devices that may attempt to communicate with it. For this reason, the decision to switch to mutual TLS is commonly a blanket decision affecting (minimally) a bounded segment of your corporate network. Inventory devices running Microsoft Windows already support mutual TLS; and this release adds support for UNIX-like devices, so that a global change-over is now manageable.