Are there any options for file transfer (specifically certs) on devices using ICG? We’re getting some sporadic reports of our public CA chain not being trusted from home devices. To overcome this I was going to just try to push the public CA chain down like we do with on-prem devices, only to realize it doesn’t seem possible.
Hi Nick. That should not be a problem. Of course we recommend a public signed cert like GoDaddy etc.
Yeah, it’s not making much sense on why random devices are reporting it. It’s even displaying the full chain in the error successfully.
Exactly – random errors are the worst ones
I was going to try to send the CA chain manually to the device to see if that makes a difference, but I can’t transfer certs via ICG it seems. Are there any workarounds for that?
So for the installation of the ICG you imported the RootCA and signed cert under Cloud Gateway options and referred to that during the ICG installation. There wasn’t an error at installation?
This is actually a Horizon Client SSL Error – ICG is working fine, but I’m curious if I can send files to devices over ICG?
Ah got you. So your internal RootCA…
Importing it via the file section and drag and drop it to the devices doesn’t work for the ICG-connected ones?
That appears to be the case. It’s actually a public chain, but I want to push both the root and intermed to see if it helps alleviate the issue. If it’s joined to ICG and I directly assign the files, I get an error for file transfer when I push settings.
I think it’s the same limitation as with Firmware – you have to host the source externally
@member thanks – I was already thinking about that. Sometimes a few KB are fine for ICG, but perhaps it’s too “big”. One alternative is to use different files, one for root, one for intermediate etc.
Yeah and we do the firmware for ICG devices via SFTP, but is there a config to do that with files? I cannot find one.
My guess is you could host it on an external server and configure the path
Yeah that looks like it’s hard-coded for the UMS server, though. It’s not a free text field. That field is used if the file already exists on UMS server and you don’t want to upload another.
You are right, just tried to put a custom path in there but as you say it’s not free text.
When pushing files through an ICG you cannot change the path. The file must be hosted on the UMS server.
I discovered this a while back when working with a customer.
Yep that’s what I was seeing – will get a FR submitted for that. Thanks!
@member – with the exception of firmware, you can transfer files from the UMS server through ICG down to the device. This is from some notes we provided for an ICG training class at our Disrupt conferences in 2019:
1. Endpoint establishes a permanent WebSocket connection through ICG to UMS (That counts as one connection on the ICG machine) and requests configurations and other files from UMS. The amount of data transferred is very small, somewhere in the single-digit KB range, which makes this part very slim on ICG resource consumption. This connection will stay until the endpoint disconnects from it. The UMS is sending “keep alive” packages to make sure that the connection does not time out.
2. UMS will upload group.ini and other files like wallpapers and certificates to ICG where it will be stored temporarily till the endpoint “collects” them. This is one temporary https connection which should be closed as soon as the upload is done. The file size depends on which actions are pending e.g. transferring a text group.ini file with 10KB or a UHD wallpaper with 4MB to a thousand devices will have a big impact on resource consumption.
The IGEL Endpoint will download all files from ICG via a temporary https connection.