The free version of the local LAN server accepts connections over HTTP only. The technology Agent uses will work locally over HTTP but for remote connections it needs SSL. If you want secured remote access to Agent you will need to use the remote web portal which has a secure connection to Agent, SSL certificates configured for browser access and secured high bandwidth routing servers for connection establishment and media transfer.

Agent from v3.4.4.0+ supports SSL connections on the local network but only if you have an active subscription.

SSL install on Windows

Using the Windows SDK create a Certificate Authority (CA):

makecert -n "CN=vMargeCA" -r -sv vMargeCA.pvk vMargeCA.cer

Create an SSL certificate:

makecert -sk vMargeSignedByCA -iv vMargeCA.pvk -n "CN=vMargeSignedByCA" -ic vMargeCA.cer vMargeSignedByCA.cer -sr localmachine -ss My

Use the MMC GUI to install the CA in the Trusted Authority store

Use the MMC GUI to install the SSL certificate in the Personal store

Bind the certificate to the IP address:port and application:

netsh http add sslcert ipport=0.0.0.0:8090 certhash=YOUR_CERT_HASH appid={642c92c9-a595-4315-b9cb-3cfdc902805b}

Where YOUR_CERT_HASH is the thumbprint from your SSL certificate which you can find using MMC.

When you have generated and installed the certificate and you have a valid subscription you can switch on SSL only mode in server settings under Local Server.

SSL install on Unix (Linux/ Mac)

Setting up SSL on Unix is different to Windows. You will need to use a reverse proxy. See NGINX Reverse Proxy for an example.


Troubleshooting

If the browser fails to connect and you cannot resolve the issue with the certificate you can reset the SSL requirement in Agent by stopping the service, edit the file Agent/Media/XML/config.xml and set RequireLANSSL to "false". Save and restart Agent.