chocolatey-licensed-issues
Central Management - Client side authentication
Current situation
Currently any machine with access to the CCM Service port (24020) can check in and submit their package list.
Requested change
To make this more secure, it would be nice to have a client-side authentication method from the Chocolatey Agent to the CCM Server. This could make connections over the Internet secure.
Possible options:
- Username / password: CCM already has the option to create users/passwords (optionally with Active Directory support)
- Client-side certificate, signed by a CA on the CCM server.
There should be a setting / configuration in CCM to require authentication. There could be a list of "trusted networks" that would not require authentication. Obviously it should fail when a client checks in without credentials, with invalid credentials, with a revoked or expired certificate, and so on.
We've added an internal setting for this. We are not sure if it is going to make it in, but it's based on a shared key and not a user name / pass. That way no credentials are passed over the wire.
As far as certificates, that's something we are looking into eventually anyways.
Then trusted networks would fall into its own separate issue.
So we've got maybe three issues here as each has different levels of work to implement.
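The shared-key design mentioned above, as an added illustration (it is not CCM's actual wire protocol or code, and the field names, canonical layout, port and message shape are assumptions): the agent proves possession of a key it shares with the server by sending an HMAC over its check-in payload, so the key itself never crosses the wire. The server recomputes the MAC, compares it in constant time, and rejects stale or replayed check-ins.

```powershell
# Added example, not CCM's code: shared-key check-in authenticated with an HMAC.
# Field names, the canonical layout and the sample package list are assumptions.
Set-StrictMode -Version Latest

function Get-CanonicalCheckIn {
    param([string] $Machine, [long] $Timestamp, [string] $Nonce, [string] $Packages)
    # Length-prefix every field so a field that contains the separator cannot be
    # shifted into its neighbour to forge a different message with the same MAC.
    ($Machine, [string] $Timestamp, $Nonce, $Packages |
        ForEach-Object { '{0}:{1}' -f $_.Length, $_ }) -join ';'
}

function Get-HmacBytes {
    param([byte[]] $Key, [string] $Data)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($Key)
    try     { $hmac.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Data)) }
    finally { $hmac.Dispose() }
}

function New-SignedCheckIn {
    param(
        [Parameter(Mandatory)] [byte[]] $SharedKey,
        [Parameter(Mandatory)] [string] $MachineName,
        [Parameter(Mandatory)] [string] $PackageListJson
    )
    # Timestamp and a one-time nonce are bound into the MAC so a captured
    # check-in cannot be replayed later.
    $timestamp = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    $nonce     = [Guid]::NewGuid().ToString('N')
    $canonical = Get-CanonicalCheckIn $MachineName $timestamp $nonce $PackageListJson
    [pscustomobject][ordered]@{
        Machine   = $MachineName
        Timestamp = $timestamp
        Nonce     = $nonce
        Packages  = $PackageListJson
        Mac       = [Convert]::ToBase64String([byte[]](Get-HmacBytes $SharedKey $canonical))
    }
}

function Test-SignedCheckIn {
    param(
        [Parameter(Mandatory)] [byte[]] $SharedKey,
        [Parameter(Mandatory)] $Message,
        [System.Collections.Generic.HashSet[string]] $SeenNonces,
        [int] $MaxSkewSeconds = 300
    )
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    if ([Math]::Abs($now - $Message.Timestamp) -gt $MaxSkewSeconds) { return $false }  # stale
    if ($SeenNonces -and -not $SeenNonces.Add($Message.Nonce))      { return $false }  # replay
    $canonical = Get-CanonicalCheckIn $Message.Machine $Message.Timestamp $Message.Nonce $Message.Packages
    $expected  = [byte[]](Get-HmacBytes $SharedKey $canonical)
    $actual    = [Convert]::FromBase64String($Message.Mac)
    # Constant-time comparison: never stop at the first differing byte.
    if ($expected.Length -ne $actual.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) { $diff = $diff -bor ($expected[$i] -bxor $actual[$i]) }
    return ($diff -eq 0)
}

# Usage. The key is provisioned out of band to both agent and server; here it is
# generated in-process and the package list is a constructed sample.
$sharedKey = [byte[]]::new(32)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($sharedKey)
$seen = [System.Collections.Generic.HashSet[string]]::new()

$msg = New-SignedCheckIn -SharedKey $sharedKey -MachineName 'WKS-01' -PackageListJson '[{"id":"git","version":"2.44.0"}]'
Test-SignedCheckIn -SharedKey $sharedKey -Message $msg -SeenNonces $seen   # fresh check-in
Test-SignedCheckIn -SharedKey $sharedKey -Message $msg -SeenNonces $seen   # same nonce submitted again
$msg.Packages = '[{"id":"git","version":"2.44.0"},{"id":"extra","version":"1.0"}]'
Test-SignedCheckIn -SharedKey $sharedKey -Message $msg                     # payload changed after signing
```

Two caveats a deployment should keep in mind: the key still has to be protected at rest on every agent (an ACL-restricted file or DPAPI blob, not a world-readable config), and a single fleet-wide key means any compromised client can impersonate every other machine, which is where per-machine client certificates (the second option in the request) are stronger.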
We'd be very interested in using client-side authentication using certificates provisioned by SCEPman for CCM communication as well as NuGet authentication.
Certificates are stored in the machine's TPM, so this method requires using the Windows crypto API (instead of choosing a file, e.g. a PKCS#12 file).
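An added illustration of the TPM-resident certificate point above (this is example code, not CCM's, SCEPman's or the commenter's; the CCM endpoint URL is a placeholder assumption and the server-side handling is out of scope): the client certificate is located in the machine store and checked for a TPM-backed key through CNG, then handed to the HTTP client so the TLS handshake presents it. Because the key lives in the Microsoft Platform Crypto Provider, there is no exportable PKCS#12 file to point at; the certificate must be referenced through the Windows certificate store and crypto API.

```powershell
# Added example, not CCM's or SCEPman's code: select a TPM-backed client-authentication
# certificate from the machine store and use it for mutual TLS. $Uri is a placeholder.
Set-StrictMode -Version Latest

function Get-TpmClientAuthCertificate {
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        ($_.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            Where-Object Value -eq $clientAuthOid)
    } | Where-Object {
        # Ask CNG which key storage provider holds the private key. A TPM-resident key is
        # reported by the Platform Crypto Provider and cannot be exported to a PKCS#12 file.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($_)
        if (-not $key) { $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($_) }
        if (-not $key) { return $false }
        try {
            ($key -is [System.Security.Cryptography.RSACng] -or $key -is [System.Security.Cryptography.ECDsaCng]) -and
                $key.Key.Provider.Provider -eq 'Microsoft Platform Crypto Provider'
        } finally { $key.Dispose() }
    } | Sort-Object NotAfter -Descending | Select-Object -First 1
}

function Send-CcmCheckIn {
    param(
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $ClientCertificate,
        [Parameter(Mandatory)] [string] $PackageListJson,
        [string] $Uri = 'https://ccm.example.internal:24020/checkin'   # placeholder; not a real CCM route
    )
    # -Certificate makes the TLS handshake present this certificate. The handshake signature is
    # produced by the TPM through CNG, so the private key never leaves the device.
    Invoke-RestMethod -Uri $Uri -Method Post -ContentType 'application/json' `
        -Body $PackageListJson -Certificate $ClientCertificate
}

$cert = Get-TpmClientAuthCertificate
if (-not $cert) { throw 'No TPM-backed client-authentication certificate found in Cert:\LocalMachine\My' }
"Using $($cert.Subject) (thumbprint $($cert.Thumbprint))"
# Send-CcmCheckIn -ClientCertificate $cert -PackageListJson '[{"id":"git","version":"2.44.0"}]'
```

On the receiving side this only helps if the CCM Service is configured to require a client certificate, to validate the chain against the issuing CA (here the SCEPman CA) and to check revocation, so that an expired or revoked certificate fails the handshake rather than being accepted as anonymous.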