Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Agent requires the following certificates to operate properly:

  • Indeed CM Agent CA, which is the root Indeed CM Agent certificate. This is used to issue certificates for user workstations where Agent instances are to be installed to.
  • Indeed CM Agent SSL is the authentication certificate, signed by the root certificate. This is required to establish a bi-directional secure connection between the server and workstation with Agent installed. The certificate is issued for the workstation with Indeed CM server installed.
  • Workstation certificate is issued automatically upon Agent registration. A client computer provides its certificate to server by sending a request, and the Indeed CM server checks for the certificate authenticity. If correct, the server marks the Agent at the workstation as trusted one and becomes ready to send tasks to it.

Agent certificates are created with IndeedCM.Agent.Cert.Generator.exe utility from the Indeed CM installation package.

  1. Run the IndeedCM.Agent.Cert.Generator.exe utility in command line as administrator on the Indeed CM server, using the following parameters: /root /csn /rootKeySize 2048 /sslKeySize 2048 /installToStore. Wait for the utility to finish operation.
Note

The /csn parameter initiates the certificate issue procedure for DNS name of the workstation the utility is run at. To generate certificates for another workstation, run the utility with /sn <DNS name of workstation> parameter.

The /installToStore publishes the certificates issued by the utility to the server certificate storages:

  •  The Indeed CM Agent CA certificate is placed to Trusted Root Certification Authorities.
  •  The Indeed CM Agent SSL certificate is placed to personal certificate storage of the workstation with Indeed CM server installed.

2. The Indeed CM Agent CA.key file shall appear in the utility folder. The file contains the Indeed CM Agent CA certificate image and certificate key value. 
3. Place the Indeed CM Agent CA certificate to Trusted Root Certification Authorities at all user workstations. 

Scroll Pagebreak

Info

The Active Directory group policy mechanism can be used to distribute the certificate to user workstations.

4. Set up a secure connection to Agent site. To do this: 

    • Switch to IIS Manager.
    • Select Indeed CM Agent Site, then switch to Bindings section.
    • Select the binding to 3003 port and click Edit.
Warning

Port 3003 is set by default. If you use another port, then you’d have to create and configure a new binding for it. Make sure that the port is open for incoming connections in firewall.

    • Define Indeed CM Agent SSL as certificate and click OK.

5. Figure 16 shows an example of setting a binding for Indeed CM Agent Site site.

Figure 16 – Setting a secure connection to Indeed CM server to work with Agents.

6. If your environment has more than one Indeed CM server with Agents, then a separate Agent SSL certificate is required for each server. The root certificate is one and the same for all the servers. To create a SSL certificate for additional server, copy the folder with IndeedCM.Agent.Cert.Generator.exe utility and Indeed CM Agent CA.key root certificate key file, then execute the following command: 

Code Block
languagepowershell
IndeedCM.Agent.Cert.Generator.exe /ssl /сsn /rootKey "<path to folder containing root certificate key>" /sslKeySize 2048 /installToStore


Info
iconfalse
titleExample:

IndeedCM.Agent.Cert.Generator.exe /ssl /сsn /rootKey "C:\AgentCertGenerator\Indeed CM Agent CA.key" /sslKeySize 2048 /installToStore