Implementing security - Repeater to agent


Use this procedure to generate a self-signed, client-side certificate for a repeater, provision all targeted agents with a fingerprint of the repeater's self-signed certificate, and configure those agents to authenticate incoming requests using client-side certificates.

  • (Windows) You must perform this procedure for the BladeLogicRSCD user.
  • (UNIX) You must perform this procedure for every user to whom connecting users are mapped. Typically, users are mapped to root, but mapping to other user names is possible.

If you want to stop using self-signed, client-side certificates, see Discontinuing use of client-side certificates.

The following is a master procedure. Each of the steps in this procedure references a topic that describes another procedure.

  1. Create a self-signed, client-side certificate on the repeater and then add the passphrase for that certificate to the securecert file.
  2. Provision all targeted agents with an SHA1 fingerprint of the repeater's self-signed certificate.
  3. Configure all targeted agents to authenticate incoming requests with client-side certificates.

 
