Mutual Authentication: Server and Agents

Make sure your server and agents are not running before you start this configuration.

To configure mutual authentication between a server and agent:

  1. Open a shell and navigate to the server install location \conf directory. For example:
    .microfocus\da\conf
  2. Export the server key as a certificate by running:
    keytool -export -keystore server.keystore -storepass changeit -alias server -file server.crt
    Note: When you install a server, the alias server is assigned to the server key and is the alias used for certificate key generation.

    You should see the message:

    Certificate stored in file server.crt
  3. Copy the exported server.crt (certificate file) to the agent [install_location]\[agent_name]\conf directory, where [agent_name] is the unique name you gave the agent during install.

  4. From within the agent's [install_location]\[agent_name]\conf directory, import the server.crt file by running:
    keytool -import -keystore sra.keystore -storepass changeit -alias server -file server.crt -keypass changeit -noprompt

    You should see the message:

    Certificate was added to keystore
  5. From within the agent's [install_location]\[agent_name]\conf directory, export the agent key as a certificate by running:
    keytool -export -keystore sra.keystore -storepass changeit -alias [agent_alias] -file [agent_name].crt

    The certificate is stored in the [agent_name].crt file.

    Important: Before you export an agent key, you must first add an alias to the agent (see Adding an Alias to an Agent).
  6. Copy the exported [agent_name].crt (certificate file) to the server installation location \conf directory.
  7. From within the server's install location .microfocus\da\conf directory, import the [agent_name].crt file by running:
    keytool -import -keystore server.keystore -storepass changeit -alias [agent_alias] -file [agent_name].crt -keypass changeit -noprompt

    You should see the message:

    Certificate was added to keystore
  8. For additional agents, repeat from step 5.
  9. Start the server and agents.
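
A check for the exchange above, added here as an example and not part of the product documentation: it compares the SHA-256 fingerprint of an exported certificate file with the entry that keytool -list reports for that alias in the receiving keystore, so a certificate that was swapped or damaged during the copy is caught before the server and agents are started. It assumes a JDK whose keytool -list output prints SHA-256 fingerprints; the function names, the agent1 alias and the sample listing are constructed for illustration.

```python
import base64
import hashlib
import re

def cert_fingerprint(data: bytes) -> str:
    """SHA-256 over the DER bytes, formatted AA:BB:... as keytool prints it."""
    begin, end = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
    if begin in data:  # keytool -export -rfc writes PEM; the default is DER
        body = data.split(begin, 1)[1].split(end, 1)[0]
        data = base64.b64decode(b"".join(body.split()))
    digest = hashlib.sha256(data).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

ENTRY = re.compile(r"^([^,]+),.*,\s*(\w+Entry),\s*$")
FPRINT = re.compile(r"^Certificate fingerprint \(SHA-256\):\s*([0-9A-F:]+)\s*$")

def parse_keytool_list(text: str) -> dict:
    """Map alias -> (entry type, fingerprint) from `keytool -list` output."""
    entries, alias, kind = {}, None, None
    for line in text.splitlines():
        entry, fp = ENTRY.match(line), FPRINT.match(line)
        if entry:  # aliases are compared case-insensitively
            alias, kind = entry.group(1).strip().lower(), entry.group(2)
        elif fp and alias:
            entries[alias] = (kind, fp.group(1))
            alias = None
    return entries

def check_trust(list_output: str, alias: str, cert_file: bytes) -> str:
    """Return 'ok', 'missing', 'wrong-type' or 'mismatch' for one imported certificate."""
    entry = parse_keytool_list(list_output).get(alias.lower())
    if entry is None:
        return "missing"
    kind, fingerprint = entry
    if kind != "trustedCertEntry":  # an imported peer certificate must be a trust entry
        return "wrong-type"
    return "ok" if fingerprint == cert_fingerprint(cert_file) else "mismatch"

# Constructed sample: placeholder bytes stand in for server.crt, and the listing
# imitates `keytool -list -keystore sra.keystore` on an agent after step 4.
SERVER_CRT = b"constructed placeholder for the DER bytes of server.crt"
AGENT_LISTING = (
    "Your keystore contains 2 entries\n\n"
    "agent1, Jan 1, 2024, PrivateKeyEntry, \n"
    f"Certificate fingerprint (SHA-256): {cert_fingerprint(b'constructed agent cert')}\n"
    "server, Jan 1, 2024, trustedCertEntry, \n"
    f"Certificate fingerprint (SHA-256): {cert_fingerprint(SERVER_CRT)}\n"
)
```

In practice, pass the real keytool -list output for the receiving keystore and the bytes of the copied .crt file; any result other than ok means the import should be redone from a freshly exported certificate.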