Installing OL Connect on machines without internet access
Installing OL Connect2024.2 in offline mode requires some extra steps. These are listed below.
Updating Connect
Updating to OL Connect 2024.2 from earlier Connect version
In order to update OL Connect to 2024.2 it is first necessary to update the OL Connect license and Update Manager .
For further details on how to upgrade the OL Update Manager to the latest version and update your OL Connect License see the Update Manager 1.9 - Upgrade Guide.
For full details on how update OL Connect see Upgrading from previous OL Connect versions.
Initial OL Connect installation
GoDaddy Root Certificate Authority needs to be installed
In order to install OL Connect it is necessary for the GoDaddy Root Certificate Authority to be installed (G2 Certificate) on the host machine and for this to be verified online. When a machine hosting the installation does not have access to the Internet, the installation will fail because the verification cannot be performed. To solve this problem one must first ensure that all Windows updates have been installed on the host machine. Once the Windows updates are confirmed as being up to date, then complete the following steps:
- Go to https://certs.godaddy.com/repository and download the following two certificates to copy to the offline machine:
- GoDaddy Class 2 Certification Authority Root Certificate - G2 - the file is gdroot-g2.crt
- GoDaddy Secure Server Certificate (Intermediate Certificate) - G2 - the file is gdig2.crt
- Install the certificates: Right mouse click -> Install Certificate, and follow the steps through the subsequent wizard.
- Now copy the OL Connect installer to the offline machine and start the installation as normal
Windows certificate validation - Certificate Revocation List retrieval should be switched off
For your security Upland OL Connect digitally signs all relevant files with our own name and certificate. The integrity of these files is checked at various times by different, context related, methods. One of these checks, done during the installation process, uses the Windows certificate validation check. .
The Windows certificate validation process not only checks the integrity of a file against its signature, but also usually checks if the certificate itself is still valid. That check is done against the current Certificate Revocation List (CRL), which needs to be retrieved from the internet. However, if the machine in question does not have internet access, the retrieval of the CRL must fail, which will lead to subsequent validation issues.
To circumvent such issues it is highly recommended to switch off the CRL retrieval prior to installing Connect on machines without internet access. There is no security risk associated with this, as the CRLs would never be retrievable without internet access, anyway. Advantage of the switch will not only be found during the installation and operation of Connect, but also in some speed improvements for any application which use signed binaries.
To switch off CRL retrieval on the computer, complete the following steps:
-
Open the “Internet Options” via the Control Panel
-
Select the “Advanced” tab and scroll down to “Security” node.
-
Uncheck the entry “Check for publisher’s certificate revocation” under that node.
-
Click the OK button to close the dialog.
-
Re-start the computer.