Issue
When opening LANDESK Workspace a Security Alert message appears. If you view and install the Certificate the message still appears each time Workspace is opened.
Image may be NSFW.
Clik here to view.
Security Alert
The identity of this web site or the integrity of this connection cannot be verified.
The security certificate was issues by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.
The security certificate date is valid.
The security certificate has a valid name and matching the name of the page you are trying to view.
Resolution
A Self-Signed Certificate needs to be created in IIS for the FQDN of your Core, associated with your Core's Default Web Site, and then pushed to the Client using Group Policy.
Creating a Self-Signed Certificate
- Open Internet Information Services (IIS) Manager
- In the Connections pane select your Core
- In the Features pane double click Server Certificates
Image may be NSFW.
Clik here to view.
- In the Server Certificates Actions pane select Create Self-Signed Certificate...
Image may be NSFW.
Clik here to view.
- Enter the Fully Qualified Domain Name (FQDN) of your Core in the Specify a Friendly name for the Certificate: (CoreName.Domain.com)
Image may be NSFW.
Clik here to view.
- Click OK
Export Certificate to your Group Policy Server
- In the Server Certificates pane select the certificate you created
- In the Server Certificates Actions pane select Export...
Image may be NSFW.
Clik here to view.
- Select the location of your Group Policy server in Export To: and give it a file name
- Enter a Password: and Confirm Password:
- Click OK
Apply Certificate to the Default Web Site on your Core
- In the Connections pane expand your Core
- In the Connections pane expand Sites
- In the Connections pane select Default Web Site
- In the Actions pane under Edit Site select Bindings...
Image may be NSFW.
Clik here to view.
- On Site Bindings click Add
- Under Type: select https
- In Host Name: type the FQDN of the Core (CoreName.Domain.com)
- Under SSL Certificate: select the certificate you created
Image may be NSFW.
Clik here to view.
- Click Select...
- Click OK (on Add Site Bindings)
- Click Close (on Site Bindings)
Create and Enforce Group Policy for your new Certificate
- Open Group Policy Management (Start > Run > type gpmc.msc)
- Expand Forest: domain.com
- Expand Domains
- Right click your domain
- Select Create a GPO in this domain, and link it here...
Image may be NSFW.
Clik here to view.
- Name the new GPO and click OK
- For consistency it can be named the same as your certificate CoreName.Domain.com
- Right Click the new Linked Group Policy Object and click Edit
- In the Group Policy Management Editor expand
- Computer Configuration
- Windows Settings
- Security Settings
- Public Key Policies
- Right click Trusted Root Certification Authorities
- Select Import
Image may be NSFW.
Clik here to view.
- On the Certificate Import Wizard
- Click Next > on the first screen
- Click Browse... to select the exported certificate file and click Next >
- Enter the password created for this certificate and click Next >
- Click Next > on the Certificate Store screen
- Click Finish on the last screen
- In the Group Policy Management window
- Right Click the new Linked Group Policy Object and click Enforce
Apply the new Group Policy on Client Devices
- The new Group Policy will be enforced on Client Devices
- When the device is rebooted
- When a background update is executed, the default is 90 minutes @(Group Policy refresh interval for computers)
- When gpupdate /force is run (Refresh Group Policy settings with GPUpdate.exe)