TLS with client-side certificates - Securing a Windows Application Server
Use this procedure to generate a self-signed, client-side certificate for a Windows Application Server, provision all targeted agents or repeaters with a fingerprint of the Application Server self-signed certificate, and configure those agents or repeaters to authenticate incoming requests using client-side certificates. If your environment includes multiple Application Servers, you should repeat this procedure for each Application Server.
To stop using self-signed, client-side certificates, see TLS-with-client-side-certificates-Discontinuing-use-of-client-side-certificates.
You can use this procedure to use TLS with client-side certificates to secure communication between a Windows Network Shell proxy server and agents or repeaters. The procedure for a Network Shell proxy server is identical to the procedure for an Application Server.
The following is a master procedure. Each of the steps in this procedure references a topic that describes another procedure.
- Create a self-signed, client-side certificate on the Application Server. Then add the passphrase for that certificate to the securecert file.
- Provision all targeted agents and repeaters with a fingerprint of the Application Server self-signed certificate.
- Configure all targeted agents or repeaters to authenticate incoming requests using client-side certificates.