Configuring Mutual Authentication Mode

In mutual authentication mode, communications are encrypted as usual, but users are also required to authenticate themselves by providing digital certificates. A digital certificate is a cryptographically signed document intended to assure others as to the identity of the certificate's owner. Deployment Automation certificates are self-signed.

When mutual authentication mode is active, Deployment Automation uses it for JMS-based server/agent communication. In this mode, the Deployment Automation server provides a digital certificate to each agent, and each agent provides one to the server. This mode can be implemented during server/agent installation, or activated afterward.

To activate this mode, the Deployment Automation server provides a digital certificate to each local agent and agent relay, and each local agent and agent relay provides one to the server.

Agent relays, in addition to swapping certificates with the server, must swap certificates with the remote agents that will use the relay. Remote agents do not have to swap certificates with the server, just with the agent relay they will use to communicate with the server.

This mode can be implemented during installation or activated afterward.

Note: When using mutual authentication mode, you must turn it on for the server, agents, and agent relays, otherwise they will not be able to connect to one another. If one party uses mutual authentication mode, they must all use it.

Important: The server and agent properties must be set prior to configuring mutual authentication and exchanging keys.

To prepare for using mutual authentication, follow the following procedures in order: