TLS with client-side certs - Securing a Windows Application Server

Use this procedure to generate a self-signed, client-side certificate for a Windows Application Server, provision all targeted agents or repeaters with a SHA1 fingerprint of the Application Server self-signed certificate, and configure those agents or repeaters to authenticate incoming requests using client-side certificates. If your environment includes multiple Application Servers, repeat this procedure for each Application Server.

Note

In this topic, a client refers to an Application Server that is attempting to establish contact with the server hosting an agent. Generally, in BMC Server Automation documentation a client refers to a host running the BMC Server Automation Console or Network Shell.

To stop using self-signed, client-side certificates, see TLS with client-side certs - Discontinuing use of client-side certificates.

You can also use this procedure to secure communication between a Windows Network Shell proxy server and agents or repeaters using TLS with client-side certificates. The procedure for a Network Shell proxy server is identical to the procedure for an Application Server.

Note

TLS communication with client-side certificates is not compatible with the NSH proxy tunneling mechanism for communication between clients and the Network Shell proxy server. To use one or the other, you must either disable proxy tunneling or discontinue the use of client-side certificates.

The following is a master procedure. Each of the steps in this procedure references a topic that describes another procedure.

  1. Create a self-signed, client-side certificate on the Application Server. Then add the passphrase for that certificate to the securecert file.
  2. Provision all targeted agents and repeaters with a SHA1 fingerprint of the Application Server self-signed certificate.
  3. Configure all targeted agents or repeaters to authenticate incoming requests using client-side certificates.
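
The following added example (not BMC code, and not the product's commands or file formats) sketches the check that steps 2 and 3 set up: the agent holds a provisioned SHA1 fingerprint and accepts only a certificate whose DER bytes hash to it. All function names are hypothetical and the certificate bytes are constructed placeholders, not real X.509 data.

```python
import hashlib
import hmac
import ssl

# Constructed stand-ins for two certificates. These are NOT real X.509
# certificates; a fingerprint is a hash over the DER bytes, so any byte
# string is enough to show the mechanics.
APPSERVER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-appserver-cert-der-0001")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-unknown-host-cert-der-0002")


def sha1_fingerprint(pem_cert: str) -> str:
    """Return the SHA1 fingerprint of a PEM certificate as AA:BB:... hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Drop separators and case so differently formatted pins compare equal."""
    cleaned = fingerprint.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 40 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA1 fingerprint: %r" % fingerprint)
    return cleaned


def is_trusted(presented_pem: str, provisioned_fingerprints) -> bool:
    """Agent-side check: accept only a certificate whose fingerprint was provisioned."""
    presented = normalize(sha1_fingerprint(presented_pem))
    # An empty provisioning list trusts nothing (fail closed).
    return any(
        hmac.compare_digest(presented, normalize(pin))
        for pin in provisioned_fingerprints
    )


if __name__ == "__main__":
    pin = sha1_fingerprint(APPSERVER_PEM)      # step 2: value provisioned to agents
    print("provisioned fingerprint:", pin)
    print("Application Server accepted:", is_trusted(APPSERVER_PEM, [pin]))
    print("unknown host accepted:", is_trusted(OTHER_PEM, [pin]))
```

Because a self-signed certificate has no issuing CA to validate against, the provisioned fingerprint is the only trust anchor, which is why each Application Server's fingerprint must be provisioned separately.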