AutoPatrol, Bureaucrats, Administrators
683
edits
Line 5: | Line 5: | ||
For TLS tunnel operation server needs certificate (with private key) as well as CA certificate. Take the following steps to prepare server for using agent tunnels: | For TLS tunnel operation server needs certificate (with private key) as well as CA certificate. Take the following steps to prepare server for using agent tunnels: | ||
1. Issue server certificate by your certificate authority. | 1. Issue server certificate by your certificate authority. Certificate usage should allow certificate signing (it will be used by server for issuing agent certificates). | ||
2. Store CA certificate and server certificate somewhere on server file system. Certificates should be in PEM format, server certificate file should contain private key as well. | 2. Store CA certificate and server certificate somewhere on server file system. Certificates should be in PEM format, server certificate file should contain private key as well. | ||
Line 13: | Line 13: | ||
ServerCertificate = /path/to/server.crt | ServerCertificate = /path/to/server.crt | ||
ServerCertificatePassword = server_pk_password | ServerCertificatePassword = server_pk_password | ||
If certificate chain for server certificate is longer all upper level certificates should be added to configuration file by adding multiple ServerCACertificate entries. | |||
4. Restart server. | 4. Restart server. | ||
Line 23: | Line 26: | ||
= Server Configuration = | = Server Configuration = | ||
When agent establishes connection with the server it will create unbound tunnel (not associated with any node). List of active tunnels can be obtained via server debug console using command | When agent establishes connection with the server it will create unbound tunnel (not associated with any node). List of active tunnels can be seen in agent tunnel manager (in management console go to "Configuration" menu and select "Agent Tunnel Manager") or can be obtained via server debug console using command | ||
show tunnels | show tunnels | ||
To associate unbound tunnel with node use command | To associate unbound tunnel with node right click on tunnel entry in agent tunnel manager and choose "Bind" or use debug console command | ||
tunnel bind tunnel_id_here node_id_here | tunnel bind tunnel_id_here node_id_here | ||