Configuring PKI Certification for Agents

For additional security, agents can be configured to authenticate through PKI certificates. Use the following procedure to configure each agent that you want to authenticate this way.

Note: No corresponding users are created in Deployment Automation when agents authenticate through PKI certificates. For information on user authentication through PKI certificates, see Creating Users.

To configure agents to authenticate using PKI certificates:

  1. Navigate to the agent's conf directory: <agent_home>/conf/sra.keystore
  2. Using an appropriate editor such as the Oracle Java keytool utility, remove the default key from the agent's sra.keystore file.
  3. Add the client certificate issued by your CA for this particular agent to the agent's sra.keystore file.
  4. Update the <agent_home>/conf/ file to have the correct passwords for the sra.keystore file and for the key itself (locked/agent.keystore.pwd and locked/agent.keystore.key.pwd respectively). Passwords can be entered unencrypted, and will be encrypted the next time the agent starts.