Use the following information to secure communication between an Uptime Infrastructure Monitor Monitoring Station and a Windows Agent with TLS v1.2. You must have administrator access to the Monitoring Station and to the machines on which you want to install and configure Agents.

Stunnel configuration

Begin by setting up the stunnel configuration file to allow only TLS 1.2.

...

[up.time agent]
accept = 9997
connect = 9998
cert = stunnel.pem
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1
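
A check for the configuration above, as an added example (not part of the original page or of Uptime's or stunnel's tooling): it parses a stunnel configuration and reports which of the four legacy-protocol options each service section is missing. The function name and `WEAK_CONF` are constructed; the code assumes that options set before the first section act as defaults for services and that a leading `-` clears an option.

```python
REQUIRED = ("NO_SSLv2", "NO_SSLv3", "NO_TLSv1", "NO_TLSv1.1")
# The service section shown on this page.
PAGE_CONF = """
[up.time agent]
accept = 9997
connect = 9998
cert = stunnel.pem
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1
"""

# Constructed sample: one option inherited from the global section, two missing.
WEAK_CONF = """
options = NO_SSLv2
[up.time agent]
accept = 9997
connect = 9998
options = NO_SSLv3
"""

def audit_stunnel_conf(text):
    """Return {service: {"accept", "connect", "missing"}} for each [section]."""
    global_opts, services, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            # Assumption: options set before the first section are defaults.
            services[current] = {"accept": None, "connect": None,
                                 "options": set(global_opts)}
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue  # not a key = value line
        opts = global_opts if current is None else services[current]["options"]
        if key.lower() == "options":
            # Assumption: a leading "-" clears a previously set option.
            if value.startswith("-"):
                opts.discard(value[1:])
            else:
                opts.add(value)
        elif current is not None and key.lower() in ("accept", "connect"):
            services[current][key.lower()] = value
    return {name: {"accept": s["accept"], "connect": s["connect"],
                   "missing": [o for o in REQUIRED if o not in s["options"]]}
            for name, s in services.items()}
```

An empty `missing` list means the section carries all four options from this page; the reported `connect` port is the plaintext port that the firewall rule in the next section must block.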

Firewall modification

Create a firewall rule that blocks incoming connections to port 9998 on the Agent machine so that no insecure connections can be made to the Agent. It is a good idea to set the firewall to notify you when applications are blocked, as this helps when configuring the firewall to work with stunnel.

Run stunnel as a service on the Agent machine

Run stunnel as a service that starts when Windows starts so that the connection is re-established once the Agent server is rebooted. Open a command prompt as an administrator, and then change to the directory that contains the stunnel config file edited in the previous Stunnel configuration section, for example:

...

Now, open the Services control panel (Start > Run > services.msc), and find the stunnel service. Although the service is set to start automatically, it is not yet running, so you must start it manually. If Windows Firewall asks for confirmation, click Yes.

Monitoring station configuration

In this step, you must modify the Uptime Infrastructure Monitor configuration to restrict secure agent communications to the SSL/TLS version and ciphers that you want to use. It is important that you run Notepad as an administrator or use Notepad++ to make these changes. The file is located in the Uptime Infrastructure Monitor installation directory. If you used the default installation, it is located at: C:\uptime or C:\Program Files\uptime software\uptime.

...

After making the changes, be sure to save the file. Restart the Uptime Data Collector Service on the Monitoring Station to pick up the changes: open the Services control panel, right-click Uptime Data Collector, and then select Restart. The restart may take several seconds to complete. If several minutes pass, open Task Manager and stop the process, and then attempt to start the service manually.

Adding secured machines to Uptime Infrastructure Monitor or reconfiguring existing monitored servers

Warning

If you make the following changes in the Uptime Agent Global Configuration window and there are already configured agent machines that are NOT using these new settings, those machines will stop working correctly. If you have other agent machines that are NOT using global settings, these will continue to work without issue.

...