Setting the Security parameters
The parameters in this node define the options for secure agent communication. This includes the way the agents communicate with each other as well as the certificates used for secure communication. For Windows devices, access to the MyApps Kiosk may also be defined.
Parameter | Default value | Description |
---|---|---|
Secure Communication | Yes | Defines if the agent communicates in secure format. The possible values are:
|
Enabled SSL Protocols | | Authorized SSL protocols for agent communication. Accepted values are TLS1.0, TLS1.1, TLS1.2 or a comma-separated list of these values. When it is not defined, the default value is TLS 1.2. |
Authority Certificate | bcm | The authority certificate (CA Cert) to be used for signing the agent certificate if required. The parameter expects a certificate name (without extension) registered in the agent cert store (auth section), such as Numara_ca. This parameter is used on the server side and can also be used on the client side if the server is configured to authenticate the client. |
Current Authority Certificate | bcm | Defines the name of the certificate authority which is currently configured. |
Trusted Authorities | bcm | A comma-separated list of certificates to be trusted when connecting to a secured server or a client. By default, the agent trusts the default Numara CA unless a different list of certificates is configured. The parameter expects a list of certificate names (without extension) registered in the agent cert store (trusted section), for example, Numara_ca, enterprise_ca, starfleet_ca. This parameter is used on the client side as well as on the server, for the device to know if it can trust the answering device by comparing its certificate with the list of trusted certificates, if it does not match the authority certificate. |
Current Trusted Authorities | bcm | The currently configured trusted authorities, which the local agent may trust for communication. |
User Certificate | | The user-defined final certificate to be used for both the client and server roles. When this parameter is configured, the agent ignores any other authority except the ones to be trusted. It expects a certificate name (without extension) registered in the Agent certificate store (user section), for example, Numara, enterprise, starfleet. |
Current User Certificate | | The currently used user-defined final certificate to be used for the server role. This is a certificate name (without extension) registered in the Agent certificate store (integration section), for example, Numara, enterprise, starfleet. |
Integration Certificate | | The integration-defined final certificate to be used for the server role. It expects a certificate name (without extension) registered in the Agent certificate store (integration section), for example, Numara, enterprise, starfleet. |
Current Integration Certificate | bcm | The currently used integration defined final certificate for the server role. This is a certificate name (without extension) registered in the Agent certificate store (integration section), for example, Numara, enterprise, starfleet. |
Certificate Subject organization | | Name of your organization. This value forms a part of the distinguished name for the certificate. |
Certificate Subject organization unit | | Name of your organizational unit (section or division of the organization). This value forms a part of the distinguished name for the certificate. |
Certificate Subject locality | | Name of the town or city where your organization is located. This value forms a part of the distinguished name for the certificate. |
Certificate Subject state | | Full name of the state or province for your organization. This value forms a part of the distinguished name for the certificate. |
Certificate Subject country | | Two-letter ISO country code for your organization. This value forms a part of the distinguished name for the certificate. |
Block Navigation from Agent User Interface | No | Check this box if the agent user interface is to be run in the browser's kiosk mode (full screen without menus or navigation bar). The installation of an add-on may be necessary to be able to use this mode (for example, with Firefox). |
Strict Agent User Interface Authentication | No | Indicate if the user can apply operational rules assigned to the device without explicit authentication. If the strict authentication mode is disabled the user is able to execute operational rules locally without authentication. Enabling this parameter forces user authentication for all cases. This parameter is ignored for rules that are assigned to users. |
Lock the agent service | No | Check this box if the agent service is to be locked. |
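
The following added example (not part of the product or its documentation) shows one way to review the values from this table for a device. It assumes the settings were copied from the console into a dictionary keyed by the parameter names above; the function names `parse_protocols` and `audit` and the sample values are hypothetical.

```python
# Added example, not vendor code. Assumption: settings are a dict keyed by the
# parameter names shown in the table, with values copied from the console.
ACCEPTED = ("TLS1.0", "TLS1.1", "TLS1.2")   # values the table lists
DEPRECATED = {"TLS1.0", "TLS1.1"}           # deprecated by RFC 8996
DEFAULT_PROTOCOLS = ["TLS1.2"]              # applied when the value is not defined


def parse_protocols(value):
    """Split an Enabled SSL Protocols value into (accepted, unrecognised)."""
    if value is None or not value.strip():
        return list(DEFAULT_PROTOCOLS), []
    accepted, unknown = [], []
    for token in (t.strip() for t in value.split(",")):
        if not token:
            continue                      # tolerate "TLS1.2,," style input
        if token in ACCEPTED:
            if token not in accepted:
                accepted.append(token)
        else:
            unknown.append(token)
    return accepted, unknown


def audit(settings):
    """Return a list of findings for the transport and authentication settings."""
    findings = []
    if settings.get("Secure Communication", "Yes").strip().lower() != "yes":
        findings.append("Secure Communication differs from the default Yes")
    accepted, unknown = parse_protocols(settings.get("Enabled SSL Protocols"))
    findings += [f"deprecated protocol enabled: {p}" for p in accepted if p in DEPRECATED]
    findings += [f"value not in the accepted list: {u}" for u in unknown]
    if not accepted:
        findings.append("no accepted protocol configured")
    strict = settings.get("Strict Agent User Interface Authentication", "No")
    if strict.strip().lower() != "yes":
        findings.append("operational rules can run locally without authentication")
    return findings


# Constructed sample values, for illustration only.
SAMPLE = {
    "Secure Communication": "Yes",
    "Enabled SSL Protocols": "TLS1.0, TLS1.2, SSLv3",
    "Strict Agent User Interface Authentication": "No",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```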