This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Jack_Prenderga1
Contributor
‎2018-04-12 04:07 AM

ICA Management Tool

Hello.

When I try create and download certificates, or edit the CA settings, I get this

The URL you requested could not be found on this server.

This is when I am connected to the ICA management tool on 18265.

Any advice?

Reply
7 Replies
Danny
Champion
Champion
‎2018-04-12 05:37 AM

The ICA Management Tool is disabled by default. You can enable it on the CLI of your SmartCenter Server.

Example: cpca_client set_mgmt_tool on -no_ssl

Access the WebUI of your ICA Management Tool via : http://<ip-of-your-smartcenter>:18265

cpca_client [-d] set_mgmt_tool on|off [-p <ca_port>] [-no_ssl]
[-a|-u "administrator|user DN" ... ]

  * on starts the ICA Management Tool (on port 18265)
  * off stops the ICA Management Tool
  * -p specifies a different port to access the ICA Management Tool
  * -no_ssl starts the ICA Management Tool on http instead of https
  * -a "administrator DN"

Sample screenshot:

If your issue remains, try to work on CLI only by using the following commands:

cpca_client lscert

cpca_client create_cert

cpca_client revoke_cert

Reply
Jack_Prenderga1
Contributor
‎2018-04-12 05:46 AM
In response to Danny

Danny,

thanks for your reply.

it is enabled. I can connect to the tool, and get the same pages as you provided. Whenever I try download a certificate, it comes up the error above. A few other parts to the site display the same error too.

if I did it via clish, how would I download the cert? Or retrieve it?

0 Kudos
Reply
Jack_Prenderga1
Contributor
‎2018-04-12 05:46 AM
In response to Jack_Prenderga1

In addition, I do have SSL enabled. Should I disable it as you said above?

0 Kudos
Reply
Danny
Champion
Champion
‎2018-04-12 05:48 AM
In response to Jack_Prenderga1

That's what I suggested to try. May I ask what you are trying to do with the ICA Management Tool that SmartDashboard can't?

You would copy certs off your SmartCenter's CLI via scp of course.

0 Kudos
Reply
Jack_Prenderga1
Contributor
‎2018-04-12 06:17 AM
In response to Danny

You maybe able to help me here actually.

I am setting up the authentication for mobile remote access. I want all corporate machines, connection to the IPSEC VPN to have a personal certificate, and also RADIUS auth.

I know there is an option under multiple auth for cert+user and password.

I believe the 'personal certificate' part needs to be created by the internal CA, hence why I am trying to log into the ICA.

Am I doing this wrong? I want 1 generic certificate that I can generate and deploy via group policy to all corporate machines, so non-corporate machines can not connect, regardless if they can authenticate via RADIUS.

1) Would this work?

2) Is this the best way to do it?

Danny - your help is appreciated. I feel like I am running around in circles at the moment.

0 Kudos
Reply
Danny
Champion
Champion
‎2018-04-12 06:27 AM
In response to Jack_Prenderga1

Typically you'd create personal certificates within SmartDashboard within the User Properties of your User Accounts.

0 Kudos
Reply
Jack_Prenderga1
Contributor
‎2018-04-12 06:34 AM
In response to Danny

Okay, I have a question for you then.

So, as above, we need a certificate for machines, not users. We may have multiple users over the year using the same corporate laptop. We need 1 certificate we can deploy across all corporate machines, so its locked and stored there, and deployed via group policy.

If I did it that way, through SmartDashboard, how could I create 1 generic one for machines, and not tie it to single users? We have over 4000 employees, and 3000 corporate laptops. Obviously it would be impossible deploy a certificate for every user, or every machine.

1 generic one would do the trick. Any clues?

Thanks again.

0 Kudos
Reply