Question regarding use of HTTPS with WMS

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #54068
    Avatarschurmb
    Participant
    • Total Post: 16
    • Regular Joe
    • ★★

    Hi,

    We have an on-prem wms 1.2 deployment  with thinos devices running  8.5_024, 8.6_027 and 8.6_303 firmware. WMS uses a self signed certificate.

    I read in the release of DSA-2020-281: DELL WYSE THINOS 8.6 SECURITY UPDATE FOR INSECURE DEFAULT CONFIGURATION VULNERABILITIES, that the vulnerability shouldn’t apply when you use WMS.

    Dows this also apply when you use a self signed certificate?

    When I check on the thin client under ‘central configuration – WDA’, I see a red lock next to the WMS server address. ‘Enable CA Validation’ is unchecked.

    I guess this means that we are not using https for the connection to the Wyse server?

     

    I want to install an internal certificate on the Wyse server to replace the self signed one.

    So the steps to take are :

    1. upload the root CA certificate to the thin clients via security settings in WMS

    2. Install the certificate on the Wyse server

    3. Enable CA validation on the thin clients

    Is this correct?

     

    Thanks

    #58321
    ConfGenConfGen
    Keymaster
    • Total Post: 11285
    • Jedi Master
    • ★★★★★★★

    Yes, as WMS uses SSL this vulnerability does not apply here regardless of the used certificate.

    CG

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.