Mutual Authentication: Server, Agent Relay, and Agent(s)

These instructions are for configuring mutual authentication for a server, agent relays, and agents that communicate with the server through agent relay(s). Make sure your server and agent(s) are not running before you start this configuration.

To configure mutual authentication between a server, agent relay and agent(s):

Open a shell and navigate to the server install location \conf directory:
```
.serena\ra\conf>
```

Export the server key as a certificate by running:

keytool -export -keystore server.keystore -storepass changeit
 -alias server -file server.crt

You should see the message:

Certificate stored in file server.crt

Copy the exported server.crt (certificate file) to the agent relay [install_location]\[agentrelay_name]\conf\jms-relay directory.
where [agent-relay_name] is the unique name you gave the agent relay during install.
From within the agent relay directory:
```
[install_location]\[agent-relay_name]\conf\jms-relay
```
import the server.crt file by running:
```
keytool -import -keystore agentrelay.keystore -storepass changeit
 -alias server -file server.crt -keypass changeit -noprompt
```
You should see the message:
```
Certificate was added to keystore
```
Important: Before you can export an agent relay key, you must first add an alias to the agent relay (see Adding an Alias to an Agent Relay).

From within the agent relay directory:

[install_location]\[agent-relay_name]\conf\jms-relay

export the agent relay key as a certificate by running:

keytool -export -keystore agentrelay.keystore -storepass changeit
 -alias [agent-relay_alias] -file [agent-relay_name].crt

You should see the message:

 Certificate is stored in file [agent-relay_name].crt

Copy the exported [agent-relay_name].crt (certificate file) to the server installation location .serena\ra\conf directory.

From within the server's install location .serena\ra\conf directory, import the [agent-relay_name].crt file by running:

keytool -import -keystore server.keystore -storepass changeit
 -alias [agent-relay_alias] -file [agent-relay_name].crt
 -keypass changeit -noprompt

You should see the message:

Certificate was added to keystore

For an agent that is configured to connect to the agent relay, copy the exported [agent-relay_name].crt (certificate file) to the agent [install_location]\[agent_name]\conf directory.
where [agent_name] is the unique name you gave the agent during install.

From within the agent's [install_location]\[agent_name]\conf directory, import the [agent-relay_name].crt file by running:

keytool -import -keystore sra.keystore -storepass changeit
 -alias [agent-relay_alias] -file [agent-relay].crt
 -keypass changeit -noprompt

You should see the message:

Certificate was added to keystore

From within the agent's [install_location]\[agent_name]\conf directory, export the agent key as a certificate by running:
```
keytool -export -keystore sra.keystore -storepass changeit 
 -alias [agent_alias] -file [agent_name].crt
```
You should see the message:
```
 Certificate is stored in file [agent_name].crt
```
Important: Before you can export an agent's certificate key, you must first add an alias to the agent (see Adding an Alias to an Agent).
Copy the exported [agent_name].crt (certificate file) to the agent relay [install_location]\[agent-relay_name]\conf\jms-relay\ directory.

From within the agent relay [install_location]\[agent-relay_name]\conf\jms-relay directory, import the [agent_name].crt file by running:

keytool -import -keystore agentrelay.keystore -storepass changeit
 -alias [agent_alias] -file [agent_name].crt -keypass changeit -noprompt

You should see the message:

Certificate was added to keystore

To configure another agent that communicates with the server through this agent relay, repeat from step 10.
Attention: For each agent, make sure you change the name of the -alias argument [agent_alias], and the -file argument [agent_name].
Restart the server, agent relay, and agents.

Mutual Authentication: Server, Agent Relay, and Agent(s)

Related Topics