Configure mutual authentication between a server, an agent relay, and agents

Prerequisites: Add an alias to an agent relay and Configure mutual authentication between a server and agent

This topic explains how to set up mutual authentication for a server, an agent relay, and agents that communicate with the server through agent relays.

Before configuring mutual authentication, make sure to define the required properties. For details, see Set properties for mutual authentication.

To configure mutual authentication:

  1. Stop the Deployment Automation server and agents.
  2. Open a command prompt and navigate to the \conf directory on your server, for example, .microfocus\da\conf.
  3. Export the server key as a certificate by running this command:

    keytool -export -keystore server.keystore -storepass changeit -alias server -file server.crt

    A message Certificate stored in file server.crt is displayed.

  4. Copy the exported certificate file server.crt to the agent relay directory:

    <install_location>\<agent-relay_name>\conf\jms-relay.

    Note that <agent-relay_name> is the unique name you gave the agent relay during installation.

  5. From the agent relay directory <install_location>\<agent-relay_name>\conf\jms-relay, import server.crt by running this command:

    keytool -import -keystore agentrelay.keystore -storepass changeit -alias server -file server.crt -keypass changeit -noprompt

    A message Certificate was added to keystore is displayed.

    Note: Before you export an agent relay key, you must add an alias to the agent relay. For details, see Add an alias to an agent relay. After generating a new key pair, make sure to remove the default key from the keystore.

  6. From the agent relay directory <install_location>\<agent-relay_name>\conf\jms-relay, export the agent relay key as a certificate by running this command:

    keytool -export -keystore agentrelay.keystore -storepass changeit -alias <agent-relay_alias> -file <agent-relay_name>.crt

    A message Certificate is stored in file <agent-relay_name>.crt is displayed.

  7. Copy the exported certificate file <agent-relay_name>.crt to your server's \conf directory.

  8. From the server's \conf directory, import <agent-relay_name>.crt by running this command:

    keytool -import -keystore server.keystore -storepass changeit -alias <agent-relay_alias> -file <agent-relay_name>.crt -keypass changeit -noprompt

    A message Certificate was added to keystore is displayed.

  9. For an agent configured to connect to the agent relay, copy the exported certificate file <agent-relay_name>.crt to the agent directory:

    <install_location>\<agent_name>\conf.

    Note that <agent_name> is the unique name you gave the agent during installation.

  10. From the agent directory <install_location>\<agent_name>\conf, import <agent-relay_name>.crt by running this command:

    keytool -import -keystore agent.keystore -storepass changeit -alias <agent-relay_alias> -file <agent-relay_name>.crt -keypass changeit -noprompt

    A message Certificate was added to keystore is displayed.

  11. From the agent directory <install_location>\<agent_name>\conf, export the agent key as a certificate by running this command:

    keytool -export -keystore agent.keystore -storepass changeit -alias <agent_alias> -file <agent_name>.crt

    A message Certificate is stored in file <agent_name>.crt is displayed.

    Note: Before you export an agent key, you must add an alias to the agent. For details, see Add an alias to an agent. After generating a new key pair, make sure to remove the default key from the keystore.

  12. Copy the exported certificate file <agent_name>.crt to the agent relay directory:

    <install_location>\<agent-relay_name>\conf\jms-relay.

  13. From the agent relay directory <install_location>\<agent-relay_name>\conf\jms-relay, import the <agent_name>.crt file by running this command:

    keytool -import -keystore agentrelay.keystore -storepass changeit -alias <agent_alias> -file <agent_name>.crt -keypass changeit -noprompt

    A message Certificate was added to keystore is displayed.

  14. (Optional) To configure another agent that communicates with the server through this agent relay, repeat steps 11–13.

    Note: For each agent, make sure you change the value of the -alias argument (<agent_alias>) and the name in the -file argument (<agent_name>).

  15. Start the server, agent relay, and agents.
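
Before restarting in step 15, the exchange can be checked on each host. The script below is an added example, not part of the product or its documentation: it confirms that each alias in a keystore has the expected entry type, that its SHA-256 fingerprint matches the exchanged .crt file, and that no unexpected alias (such as a leftover default key) remains. The script name Check-Trust.ps1 and its parameters are hypothetical; it assumes keytool is on PATH and prints English output.

```powershell
# Added example, not vendor code. Run it on each host, in the conf directory of that host's keystore.
# Example call on the agent relay host (values in <> are this page's placeholders):
#   .\Check-Trust.ps1 -Keystore agentrelay.keystore -Expect `
#     @{Alias='server'; Type='trustedCertEntry'; Crt='server.crt'},
#     @{Alias='<agent-relay_alias>'; Type='PrivateKeyEntry'; Crt='<agent-relay_name>.crt'},
#     @{Alias='<agent_alias>'; Type='trustedCertEntry'; Crt='<agent_name>.crt'}
param(
    [Parameter(Mandatory)][string]$Keystore,     # keystore to check
    [Parameter(Mandatory)][hashtable[]]$Expect,  # one @{Alias; Type; Crt} per expected entry
    [string]$StorePass = 'changeit'              # store password used in the steps above
)

function Get-Sha256([string]$Text) {
    # "keytool -list -v" and "keytool -printcert" both print "SHA256: AA:BB:..."
    if ($Text -match 'SHA256:\s*([0-9A-F:]+)') { $Matches[1] }
}

$problems = @()
$aliases  = $Expect | ForEach-Object { $_.Alias }

foreach ($e in $Expect) {
    $entry = (& keytool -list -v -keystore $Keystore -storepass $StorePass -alias $e.Alias 2>$null) -join "`n"
    $file  = (& keytool -printcert -file $e.Crt 2>$null) -join "`n"

    if ($entry -notmatch 'Entry type:\s*(\w+)') {
        $problems += "$($e.Alias): alias not found in $Keystore"
        continue
    }
    # The host's own identity must be a PrivateKeyEntry; peers must be certificate-only entries.
    if ($Matches[1] -ne $e.Type) {
        $problems += "$($e.Alias): entry type is $($Matches[1]), expected $($e.Type)"
    }
    # The keystore entry must be the same certificate as the exchanged .crt file.
    $inStore = Get-Sha256 $entry
    if (-not $inStore -or $inStore -ne (Get-Sha256 $file)) {
        $problems += "$($e.Alias): fingerprint differs from $($e.Crt)"
    }
}

# Report any alias outside the expected set, for example a default key that was not removed.
foreach ($line in (& keytool -list -keystore $Keystore -storepass $StorePass 2>$null)) {
    if ($line -match '^([^,]+),.*(PrivateKeyEntry|trustedCertEntry)' -and $aliases -notcontains $Matches[1]) {
        $problems += "$($Matches[1]): unexpected alias in $Keystore"
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "$Keystore matches the expected trust entries"
```

A peer alias that shows up as PrivateKeyEntry means a key pair, not just an exported certificate, was placed on that host.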
