Configure mutual authentication between a server and agent
Prerequisites: Add an alias to an agent and Add an alias to an agent relay
This topic describes how to set up mutual authentication between a server and agent.
Before configuring mutual authentication, make sure to define the required properties. For details, see Set properties for mutual authentication.
To configure mutual authentication between a server and an agent:
- Stop the Deployment Automation server and agents.
- Open a command prompt and navigate to the \conf directory on your server, for example, .microfocus\da\conf.
- Export the server key as a certificate by running this command:
    keytool -export -keystore server.keystore -storepass changeit -alias server -file server.crt
  Note: The alias server for generating certificate keys is assigned during server installation.
- Copy the exported certificate file server.crt to the agent directory:
    <install_location>\<agent_name>\conf
  Note that <agent_name> is the unique name you gave the agent during installation.
- From the agent directory <install_location>\<agent_name>\conf, import server.crt by running this command:
    keytool -import -keystore agent.keystore -storepass changeit -alias server -file server.crt -keypass changeit -noprompt
  The message "Certificate was added to keystore" is displayed.
- From the agent directory <install_location>\<agent_name>\conf, export the agent key as a certificate by running this command:
    keytool -export -keystore agent.keystore -storepass changeit -alias <agent_alias> -file <agent_name>.crt
  The certificate is stored in the <agent_name>.crt file.
  Note: Before you export an agent key, you must add an alias to the agent. For details, see Add an alias to an agent. After generating a new key pair, make sure to remove the default key from the keystore.
- Copy the exported certificate file <agent_name>.crt to your server's \conf directory.
- From the server's \conf directory, import the <agent_name>.crt file by running this command:
    keytool -import -keystore server.keystore -storepass changeit -alias <agent_alias> -file <agent_name>.crt -keypass changeit -noprompt
  The message "Certificate was added to keystore" is displayed.
- To configure another agent, repeat steps 6–8.
- Start the server and agents.
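To check each import in the procedure above, the following PowerShell compares the SHA-256 fingerprint of the copied .crt file with the keystore entry created from it. It is an added example, not part of the product or its documentation; the function names are hypothetical, and it assumes keytool is on the PATH and prints English output.

```powershell
# Added example: confirm that a certificate file and the keystore entry
# imported from it are the same certificate. Function names are hypothetical.
function Get-Sha256Fingerprint {
    param([string[]]$KeytoolOutput)
    # Matches the "SHA256: AA:BB:..." line printed by keytool -printcert and
    # keytool -list -v (32 colon-separated hex bytes).
    foreach ($line in $KeytoolOutput) {
        if ($line -match 'SHA-?256\)?:\s*((?:[0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2})') {
            return $Matches[1].ToUpperInvariant()
        }
    }
    throw 'No SHA-256 fingerprint found in keytool output.'
}

function Test-ImportedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$CertFile,   # for example server.crt
        [Parameter(Mandatory = $true)][string]$Keystore,   # for example agent.keystore
        [Parameter(Mandatory = $true)][string]$Alias,      # for example server
        [string]$StorePass = 'changeit'                    # value used in the steps above
    )
    $fileOut = & keytool -printcert -file $CertFile
    if ($LASTEXITCODE -ne 0) { throw "keytool -printcert failed for $CertFile" }
    $storeOut = & keytool -list -v -keystore $Keystore -storepass $StorePass -alias $Alias
    if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' could not be read from $Keystore" }

    $fromFile  = Get-Sha256Fingerprint $fileOut
    $fromStore = Get-Sha256Fingerprint $storeOut
    # An imported peer certificate is a trustedCertEntry. A PrivateKeyEntry here
    # means the alias holds a key pair, not the certificate that was imported.
    $isTrusted = [bool]($storeOut | Where-Object { $_ -match 'Entry type:\s*trustedCertEntry' })

    [pscustomobject]@{
        Alias       = $Alias
        Fingerprint = $fromStore
        Matches     = ($fromFile -eq $fromStore)
        TrustedCert = $isTrusted
    }
}

# Run from the agent's conf directory after importing server.crt:
Test-ImportedCertificate -CertFile server.crt -Keystore agent.keystore -Alias server
```

Run the same check from the server's \conf directory with -CertFile <agent_name>.crt -Keystore server.keystore -Alias <agent_alias>. To confirm the file was not altered while being copied, compare the reported Fingerprint with the output of keytool -printcert on the machine that exported the certificate.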