New Options & Pricing from ScreenConnect
- 
Anyone have instructions on how to add Let's Encrypt SSL to "on-prem" SC install?
 - 
@jaredbusch said in New Options & Pricing from ScreenConnect:
@fateknollogee said in New Options & Pricing from ScreenConnect:
@JaredBusch Did you end up moving your SC install from 2012 R2 to Linux?
Yes.
You notice any performance difference or was it more of a licensing cost issue?
 - 
@fateknollogee said in New Options & Pricing from ScreenConnect:
Anyone have instructions on how to add Let's Encrypt SSL to "on-prem" SC install?
Mine runs behind an Nginx proxy, so no.
 - 
@fateknollogee said in New Options & Pricing from ScreenConnect:
@jaredbusch said in New Options & Pricing from ScreenConnect:
@fateknollogee said in New Options & Pricing from ScreenConnect:
@JaredBusch Did you end up moving your SC install from 2012 R2 to Linux?
Yes.
You notice any performance difference or was it more of a licensing cost issue?
It was all because of licensing. Actually the performance is worse on Linux (I used CentOS 7 at the time) than it is on Windows. This is because they develop this product on Windows with ASP.net and then ported it to Linux using Mono.
 - 
@jaredbusch said in New Options & Pricing from ScreenConnect:
Mine runs behind an Nginx proxy, so no.
Is this the "preferred" way to run it?
 - 
@fateknollogee said in New Options & Pricing from ScreenConnect:
@jaredbusch said in New Options & Pricing from ScreenConnect:
Mine runs behind an Nginx proxy, so no.
Is this the "preferred" way to run it?
Well because I run a large number of things in a colo behind a single IP, I have to do it this way. If I was running this on a VPS like Vultr, I would not likely bother with the proxy unless adding SSL was complicated or something.
 - 
@FATeknollogee I knew ScreenConnect did not use Apache or Nginx, and so yeah using LE will not work out well.
So I just did a quick bit of looking, you have to use their tool to generate a CSR and such.
https://docs.connectwise.com/ConnectWise_Control_Documentation/On-premises/Advanced_setup/SSL_certificate_installation
This is a pain in the ass. So, here is what I would do.
- Install ScreenConnect and leave on default ports (8040 for HTTP and 8041 Relay).
  - Remember the relay data is always encrypted by the app itself, there is no cert there.
- Run Certbot in standalone mode to get your LE cert
- Install Nginx on the same box and configure
  - forward 80 to 443
  - setup 443 to use the LE cert and forward 443 to http://127.0.0.1:8040
- Setup a cron job to run `certbot renew` daily.
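
The Nginx part of the steps above, written out as an added example that is not part of the original post or of ConnectWise's documentation. The hostname `sc.example.com` is a placeholder, the certificate paths assume Certbot's default `/etc/letsencrypt/live/<name>/` layout, and the renewal hooks in the closing comment are an assumption about how to keep standalone renewal working once Nginx holds port 80.

```nginx
# Added example. sc.example.com is a placeholder hostname.

# Port 80: forward everything to HTTPS.
server {
    listen 80;
    server_name sc.example.com;
    return 301 https://$host$request_uri;
}

# Port 443: terminate TLS with the Let's Encrypt certificate and
# pass requests to the ScreenConnect web service on its default port.
server {
    listen 443 ssl;
    server_name sc.example.com;

    # Default Certbot output paths (assumed; adjust to the issued cert name).
    ssl_certificate     /etc/letsencrypt/live/sc.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sc.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Backend is plain HTTP on loopback only, as in the post.
        proxy_pass http://127.0.0.1:8040;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# The relay on 8041 is not proxied here; it stays on its own port and
# carries the application's own encryption, so it needs no certificate.
#
# Renewal: Certbot's standalone mode binds port 80 itself, which Nginx
# now occupies. One option (assumed, not from the post) is to stop Nginx
# only while a renewal is actually due, in root's crontab:
#   0 3 * * * certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
```

Check the file with `nginx -t` before reloading, and confirm that port 8040 is not reachable from outside the host so clients cannot bypass TLS.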
 - 
@JaredBusch Thanks for the detailed info!!
 - 
I wish there was just a little more competition in this area...
 - 
@mike-davis me too