Follow

Issue: Removing port 80 binding in IIS breaks some elements of Venafi TPP

Applies to

Venafi TPP versions prior to 15.4

Symptom

When the binding for port 80 is removed in IIS some components of Venafi stop functioning.

Affected components include:

  • Agent check-in
  • WebSDK
  • SCEP/NDES

Cause

Despite the fact the the clients in these components are not sending any traffic over port 80 to the Venafi TPP server the web.config for the API of these components requires port 80 to be open. There is, however, a modification that can be made to the web.config files for the affected components which will allow the binding to be removed.

Resolution

1. Edit the following Web.config files:

  • <TPPInstallPath>\Venafi\Web\Client\Web.config
  • <TPPInstallPath>\Venafi\Web\WebSDK\Web.config
  • <TPPInstallPath>\Venafi\Web\VScep\Web.config

By adding the following clause right before “ </system.serviceModel>” in each file.

<bindings>
    <webHttpBinding>
        <binding>
            <security mode="Transport" />
        </binding>
    </webHttpBinding>
</bindings>

2. Click on the Venafi site, select Bindings, select the http port 80 row, and click Remove
3. Restart the Venafi site or you can recycle each of the application pools (VEDClient, VEDWebSDK, VEDScep)

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk