Anchor - Using Let's Encrypt Mode to Generate Temporary SSL Certificates for the Anchor Application Server (Private Cloud Only)

Overview 

With the release of Anchor 2.5.3, newly installed desktop clients will be unable to connect to the Anchor application server unless the server is using an SSL certificate issued by a trusted root Certificate Authority (CA). If you are a private cloud partner and you do not have a valid SSL certificate configured on the Anchor application server, these desktop clients will be unable to properly verify and connect to the Anchor server.

This verification process ensures the highest level of security for our private cloud partners and their clients, and protects against possible Man-in-the-Middle cyberattacks.

Note: This requirement is for private cloud partners only. SaaS servers are already configured with valid SSL certificates. If you are a SaaS partner and you are supporting agents that cannot connect to the server, please reference the Troubleshooting Registration Failure on Windows Machines Knowledgebase article.  

Configuring a Valid SSL Certificate for the Anchor Application Server

For instructions on how to configure a valid SSL certificate for the Anchor application server, please reference the Configuring a Single Domain SSL Certificate or Wildcard Certificate Knowledgebase article.

To verify that the system has the root certificate available:

1. On your Windows server, launch MMC (Microsoft Management Console).
2. Install the Certificate Manager plugin as described in Microsoft's TechNet article.
3. Look for the GoDaddy Root CA. If the GoDaddy Root CA is not visible, manually add it from your machine. Alternatively, turn on Let's Encrypt mode as described in the instructions below.

Temporary SSL Certificate Configuration Option

If you have not yet configured a valid SSL certificate on the Anchor application server, you can turn on the Let’s Encrypt Mode setting as a temporary solution, which will allow all newly installed desktop clients to immediately and securely connect with the Anchor application server.

Let’s Encrypt is a third-party, non-profit CA that offers free SSL certificates. Turning on the Let’s Encrypt Mode setting will allow the Anchor application server to automatically obtain and use Let’s Encrypt certificates. 

Note: Let’s Encrypt Mode is intended to be used as a temporary workaround only. We recommend that you configure a valid SSL certificate for your Anchor application server as soon as possible.

To turn on the Let’s Encrypt Mode configuration setting:

1. In the Anchor administrative web portal, navigate to the top-level organization.
   
   
   
2. Click the Settings tab. The General Settings page displays.
   
   
   
3. In the General Settings page, click the Let’s Encrypt Mode checkbox. 
   
   
   
4. Click the Save button. When your changes are saved, the Anchor application server will automatically obtain and use Let’s Encrypt certificates, and all newly installed desktop clients will have the ability to securely connect with the Anchor application server.