- Created by Mikhail Yakovlev, last modified by Daliya Agletdinova on Jan 12, 2024
The Agent requires the following certificates to operate properly:
- Axidian CertiFlow Agent CA is a root certificate used to issue certificates for user workstations where Agents will be deployed.
- Axidian CertiFlow Agent SSL is an authentication certificate signed by the root certificate. The Agent SSL certificate is required to establish a two-way secure connection between the server and a workstation with the Agent installed.
- Workstation certificate is issued automatically upon Agent registration. When sending a request to the server, the client workstation provides its certificate and the CertiFlow server verifies that the certificate is authentic. Then the server marks this Agent as trusted and is ready to assign tasks.
Agent certificates are created with the IndeedCM.Agent.Cert.Generator.exe utility from the Axidian CertiFlow installation package.
1. Run IndeedCM.Agent.Cert.Generator.exe from the command line on the Axidian CertiFlow server. Use the following parameters: /root /csn /installToStore.
The /csn parameter generates a certificate for the DNS name of the workstation where the utility is running. To generate certificates for another workstation, run the utility with the /sn <DNS name of workstation> parameter.
The /installToStore parameter publishes the certificates issued by the utility to the server certificate storage:
- Axidian CertiFlow CM Agent CA certificate is placed in Trusted Root Certification Authorities.
- Axidian CertiFlow Agent SSL certificate is placed in the personal certificate storage of the workstation with the Axidian CertiFlow server installed.
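2. The Axidian CertiFlow Agent CA.key file will appear in the utility folder. The file contains the Axidian CertiFlow Agent CA certificate image and certificate key value. Because it holds the root key, anyone who obtains this file can issue certificates that the server and workstations will trust, so restrict access to it.
3. Place the Axidian CertiFlow Agent CA certificate in Trusted Root Certification Authorities on all user workstations.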
You can use the Active Directory Group Policy engine to distribute the certificate to user workstations.
4. Set up a secure connection to the Agent site:
- Switch to IIS Manager.
- Select Axidian CertiFlow Agent Site, go to Bindings.
- Select the binding for port 3003 and click Edit.
Port 3003 is set by default. If you use another port, you will need to create and configure a new binding for it. Make sure that the port is open for incoming connections in the firewall.
- Select Axidian CertiFlow Agent SSL as the SSL certificate and click OK.
6. If your environment has more than one Axidian CertiFlow server with Agents, a separate Agent SSL certificate is required for each server. The root certificate is one and the same for all servers.
To create an SSL certificate for an additional server, copy the folder with the IndeedCM.Agent.Cert.Generator.exe utility and the Axidian CertiFlow Agent CA.key root certificate key file to that server, then execute the following command:
IndeedCM.Agent.Cert.Generator.exe /ssl /csn /rootKey <path to folder containing root certificate key> /installToStore
IndeedCM.Agent.Cert.Generator.exe /ssl /csn /rootKey "C:\AgentCertGenerator\Indeed CM Agent CA.key" /installToStore
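One way to confirm on the server that the stores and the IIS binding ended up as the steps above describe. This is an added example, not part of the vendor's documentation or tooling. The root subject name in `$CaName` and the host name in `$DnsName` are assumptions: set them to the values shown on the certificates the utility actually produced.

```powershell
# Added example: read-only check of the certificate stores and IIS binding.
param(
    [string]$CaName  = 'Axidian CertiFlow Agent CA',  # ASSUMPTION: root subject CN
    [string]$DnsName = [System.Net.Dns]::GetHostEntry('').HostName,  # ASSUMPTION: name used by /csn
    [int]$Port       = 3003                            # default port from the page
)
Import-Module WebAdministration   # provides the IIS:\ drive
$findings = @()

# Root certificate must be in Trusted Root Certification Authorities.
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "*CN=$CaName*" } | Select-Object -First 1
if (-not $root) { $findings += "Root '$CaName' is not in LocalMachine\Root" }

# SSL certificate: issued by that root, names this server, in the Personal store.
$ssl = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $root -and $_.Issuer -eq $root.Subject -and
                   $_.DnsNameList.Unicode -contains $DnsName } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $ssl) {
    $findings += "No certificate for $DnsName issued by the root in LocalMachine\My"
} else {
    if (-not $ssl.HasPrivateKey) { $findings += 'SSL certificate has no private key' }
    if ($ssl.NotAfter -lt (Get-Date).AddDays(30)) {
        $findings += "SSL certificate expires $($ssl.NotAfter.ToString('yyyy-MM-dd'))"
    }
    # Validate the certificate against the local trust store for this DNS name.
    $ok = Test-Certificate -Cert $ssl -Policy SSL -DNSName $DnsName `
              -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    if (-not $ok) { $findings += 'SSL certificate fails Test-Certificate validation' }

    # The HTTPS binding on the Agent port must present this certificate.
    $bound = @(Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq $Port })
    if ($bound.Count -eq 0) {
        $findings += "No SSL binding on port $Port"
    } elseif ($bound.Thumbprint -notcontains $ssl.Thumbprint) {
        $findings += "Port $Port is bound to a different certificate"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "Agent certificates and port $Port binding look consistent."
```

Run it from an elevated PowerShell session on each Axidian CertiFlow server; it only reads the stores and the binding and changes nothing.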