With Anchor version 2.5.3, desktop clients are required to pull valid root certificates for secure connectivity to the Anchor Server. This requirement protects against man-in-the-middle attacks and provides an extra layer of security to our partners and their clients.
If this option is disabled on a machine, desktop client registration will fail.
To allow desktop clients to successfully register, certificates must be manually installed or the Windows group policy setting must be modified to allow the automatic pulling of root certificates. To determine if the root certificate is already installed on a machine:
- On the Windows machine, launch MMC (Microsoft Management Console).
- Install the Certificate Manager plugin as described in Microsoft's TechNet article.
- Look for the Root CA matching your certificate provider. If the Root CA is not visible, it will need to be manually installed.
Note: If you are a SaaS partner, please note that syncedtool.com, syncedtool.ca, and syncedtool.eu use GoDaddy as their certificate provider. If you are connecting to one of eFolder's SaaS Anchor servers, the Root CA's needed are named:
- Go Daddy Root Certificate Authority - G2
- Go Daddy Class 2 Certification Authority
Note: If you are a Private Cloud partner, you can optionally enable Let's Encrypt mode and skip the steps listed above. For more information, please reference the Using Let's Encrypt Mode Knowledgebase article.