Agent requires the following certificates to operate properly:
- Indeed CM Axidian CertiFlow Agent CA , which is the root Indeed CM Agent certificate. This is is a root certificate used to issue certificates for user workstations where Agent instances are to be installed to.Agents will be deployed.
- Axidian CertiFlow Agent SSL is an authentication certificate signed by root certificate. Agent SSL certificate Indeed CM Agent SSL is the authentication certificate, signed by the root certificate. This is required to establish a bitwo-directional way secure connection between the server and a workstation with Agent installed. The certificate is issued for the workstation with Indeed CM server installed.
- Workstation certificate is issued automatically upon Agent registration. A client computer When sending a request to the server, the client workstation provides its certificate to server by sending a request, and the Indeed CM server checks for CertiFlow server verifies if the certificate authenticity. If correct, is authentic. Then the server marks the this Agent at the workstation as trusted one and becomes is ready to send assign tasks to it.
Agent certificates are created with IndeedCM.Agent.Cert.Generator.exe utility from the Indeed CM Axidian CertiFlow installation package.
- Run the IndeedCM.Agent.Cert.Generator.exe utility in from the command line as administrator on the Indeed CM server, using Axidian CertiFlow server. Use the following parameters: /root /csn /installToStore. Wait for the utility to finish operation.
| Note |
|---|
The /csn parameter initiates the generates a certificate issue procedure for DNS name of the workstation where the utility is run atrunning. To generate certificates for another workstation, run the utility with /sn <DNS name of workstation> parameter. The /installToStore publishes the certificates issued by the utility to the server certificate storage:
|
2. The Indeed CM Axidian CertiFlow Agent CA.key file shall will appear in the utility folder. The file contains the Indeed CM Axidian CertiFlow Agent CA certificate image and certificate key value.
3. Place the Indeed CM Axidian CertiFlow Agent CA certificate to Trusted Root Certification Authorities at on all user workstations.
| Scroll Pagebreak |
|---|
| Info |
|---|
The You can use the Active Directory group policy mechanism can be used Group Policy engine to distribute the certificate to user workstations. |
4. Set up a secure connection to Agent site. To do this:
- Switch to IIS Manager.
- Select IndeedCM Agent Axidian CertiFlow Agent Site, then switch go to Bindings section.
- Select the binding to 3003 port and click Edit...
| Warning |
|---|
Port 3003 port is set by default. If you use another port, then you’d have you will need to create and configure a new binding for it. Make sure that the port is open for incoming connections in firewall. |
- Define Indeed CM Axidian CertiFlow Agent SSL as SSL certificate and click OK.
5. Example of setting a binding for IndeedCM Agent Site.
6. If your environment has more than one Indeed CM Axidian CertiFlow server with Agents, then a separate Agent SSL certificate is required for each server. The root Root certificate is one and the same for all the servers.
To create a an SSL certificate for additional server, copy the folder with IndeedCM.Agent.Cert.Generator.exe utility and Indeed CM Agent Axidian CertiFlow Agent CA.key root certificate key file, then execute the following command:
| Code Block |
|---|
IndeedCM.Agent.Cert.Generator.exe /ssl /csn /rootKey <path to folder containing root certificate key> /installToStore |
| Code Block | ||
|---|---|---|
| ||
IndeedCM.Agent.Cert.Generator.exe /ssl /csn /rootKey "C:\AgentCertGenerator\Indeed CM Agent CA.key" /installToStore |