Mutual authentication or two-way authentication (sometimes written as 2WAY authentication) refers to two parties authenticating each other at the same time.
Mutual authentication is typically used only when an extra level of security is needed. In technology terms, it refers to a client or user authenticating itself to a server and that server authenticating itself to the client, in such a way that both parties are assured of the other's identity.
In UrbanCode Deploy, mutual authentication can be configured between the Server and the Agent, or, when an agent relay is used, between the Server and the Relay Server and between the Relay Server and the Agent.
Mutual authentication can be configured using either one of the following methods:
I> During the Server, Relay Server, or Agent installation, by choosing “Yes/Y” at the step “Do you want the Server and Agent communication to require mutual authentication?”
II> By ensuring that the following properties are set in the Server, Relay Server, and Agent properties files (installed.properties / agentrelay.properties):
- The server.jms.mutualAuth property in the server's installed.properties file (in the server_install/conf/server directory) is set to true.
- For each agent, the locked/agent.mutual_auth property in the agent's installed.properties file (in the agent_install\conf\agent directory) is set to true.
- For each agent relay, the agentrelay.jms_proxy.secure property in the relay's agentrelay.properties file (in the relay_install\conf directory) is set to true.
- For each agent relay, the agentrelay.jms_proxy.mutualAuth property in the relay's agentrelay.properties file is set to true.
Configure Server-Agent Mutual Authentication:
1. Open a command-line window and go to the server installation conf directory.
2. Run the following command:
keytool -export -keystore server.keystore -storepass changeit -alias server -file server.crt
Example: keytool -export -keystore server.keystore -storepass changeit -alias server -file server.crt
3. Copy the exported file (certificate) to the agent installation conf directory.
4. Import the file by running the following command from within the agent's conf directory:
keytool -import -keystore ibm-ucd.keystore -storepass changeit -alias server -file server.crt -keypass changeit -noprompt
Example: keytool -import -keystore ibm-ucd.keystore -storepass changeit -alias server -file server.crt -keypass changeit -noprompt
You should see the message "Certificate was added to keystore".
5. For each local agent, export the agent certificate by running the following command (change the -file argument to match the agent name):
keytool -export -keystore keystoreFile -storepass changeit -alias ibm-ucd_agent -file agentName.crt
keytool -export -keystore ibm-ucd.keystore -storepass changeit -alias ibm-ucd_agent -file sit.crt
Here "sit" is the name of the agent.
6. Copy the exported file to the server's conf directory.
7. From within the server's conf directory, import each certificate by running the following command:
keytool -import -keystore server.keystore -storepass changeit -alias [agent_name] -file agentName.crt -keypass changeit -noprompt
Example: keytool -import -keystore server.keystore -storepass changeit -alias sit -file sit.crt -keypass changeit -noprompt
Here "sit" is the name of the agent.
Configure Server-Relay-Agent Mutual Authentication:
1. Open a command-line window and go to the server installation conf directory.
2. Run the following command:
keytool -export -keystore server.keystore -storepass changeit -alias server -file server.crt
Example: keytool -export -keystore server.keystore -storepass changeit -alias server -file server.crt
3. Copy the exported file (certificate) to the agent relay installation conf/jms-relay directory.
4. Import the file by running the following command from within the agent relay's jms-relay directory:
keytool -import -keystore agentrelay.keystore -storepass changeit -alias server -file server.crt -keypass changeit -noprompt
Example: keytool -import -keystore agentrelay.keystore -storepass changeit -alias server -file server.crt -keypass changeit -noprompt
You should see the message "Certificate was added to keystore".
5. For each agent relay, export the relay certificate by running the following command:
keytool -export -keystore agentrelay.keystore -storepass changeit -alias agentrelay -file agentName.crt
Example: keytool -export -keystore agentrelay.keystore -storepass changeit -alias agentrelay -file agentrelay.crt
6. Copy the exported file to the server's conf directory.
7. From within the server's conf directory, import each certificate by running the following command:
keytool -import -keystore server.keystore -storepass changeit -alias [agent_name] -file agentName.crt -keypass changeit -noprompt
Example: keytool -import -keystore server.keystore -storepass changeit -alias agentrelay -file agentrelay.crt -keypass changeit -noprompt
Configure Relay Server-Agent Mutual Authentication:
- From within the agent's conf directory, export the agent certificate (here "sit" is the name of the agent):
keytool -export -keystore ibm-ucd.keystore -storepass changeit -alias ibm-ucd_agent -file sit.crt
- From within the agent's conf directory, import the relay certificate (agentrelay.crt, as exported from agentrelay.keystore in the previous section) into the agent keystore:
keytool -import -keystore ibm-ucd.keystore -storepass changeit -alias agentrelay -file agentrelay.crt -keypass changeit -noprompt
- From within the agent relay's jms-relay directory, import the agent certificate into the relay keystore:
keytool -import -keystore agentrelay.keystore -storepass changeit -alias sit -file sit.crt -keypass changeit -noprompt
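As an added example (not part of the original page and not UrbanCode Deploy's own tooling), the following POSIX shell script performs the certificate exchange above for all three pairings (Server-Agent, Server-Relay, Relay-Agent), verifies with keytool -list that each keystore now holds the other side's certificate, and checks that the server's mutualAuth property from the properties list is really set to true. It assumes keytool is on PATH, that the SERVER_CONF, RELAY_CONF and AGENT_CONF environment variables name the respective conf directories (paths without spaces), and that the default "changeit" passwords used in the procedure are in place.

```shell
#!/bin/sh
# Added example, not from the original page or from UrbanCode Deploy itself.
# Assumes keytool is on PATH, the keystore paths below exist, and the default
# "changeit" store/key password from the procedure above is in use.
set -e

# Make two keystores trust each other: export each side's own certificate and
# import it into the other side's keystore as a trusted certificate.
#   $1 keystore A   $2 alias of A's own key pair   $3 alias A's cert gets in B
#   $4 keystore B   $5 alias of B's own key pair   $6 alias B's cert gets in A
cross_trust() {
    a_ks=$1; a_alias=$2; a_in_b=$3; b_ks=$4; b_alias=$5; b_in_a=$6
    keytool -export -keystore "$a_ks" -storepass changeit -alias "$a_alias" -file "$a_in_b.crt"
    keytool -import -keystore "$b_ks" -storepass changeit -alias "$a_in_b" \
        -file "$a_in_b.crt" -keypass changeit -noprompt
    keytool -export -keystore "$b_ks" -storepass changeit -alias "$b_alias" -file "$b_in_a.crt"
    keytool -import -keystore "$a_ks" -storepass changeit -alias "$b_in_a" \
        -file "$b_in_a.crt" -keypass changeit -noprompt
}

# Succeeds only if keystore $1 holds an entry under alias $2.
has_alias() {
    keytool -list -keystore "$1" -storepass changeit -alias "$2" >/dev/null 2>&1
}

# Succeeds only if properties file $1 sets property $2 to exactly "true"
# (a commented-out or "false" line does not count).
property_is_true() {
    grep -E "^[[:space:]]*$2[[:space:]]*=[[:space:]]*true[[:space:]]*$" "$1" >/dev/null 2>&1
}

# Example run for the three pairings on the page; SERVER_CONF, RELAY_CONF and
# AGENT_CONF are assumed environment variables naming the conf directories
# (no spaces in paths), and "sit" is the agent name used in the procedure above.
if [ -n "${SERVER_CONF:-}" ] && [ -n "${AGENT_CONF:-}" ] && [ -n "${RELAY_CONF:-}" ]; then
    server_ks="$SERVER_CONF/server.keystore"
    relay_ks="$RELAY_CONF/jms-relay/agentrelay.keystore"
    agent_ks="$AGENT_CONF/ibm-ucd.keystore"
    cross_trust "$server_ks" server server "$agent_ks" ibm-ucd_agent sit         # Server-Agent
    cross_trust "$server_ks" server server "$relay_ks" agentrelay agentrelay     # Server-Relay
    cross_trust "$relay_ks" agentrelay agentrelay "$agent_ks" ibm-ucd_agent sit  # Relay-Agent
    for check in "$server_ks sit" "$server_ks agentrelay" "$agent_ks server" \
                 "$agent_ks agentrelay" "$relay_ks server" "$relay_ks sit"; do
        set -- $check
        if has_alias "$1" "$2"; then echo "ok: $1 trusts $2"; else echo "MISSING: $2 in $1"; fi
    done
    property_is_true "$SERVER_CONF/server/installed.properties" server.jms.mutualAuth \
        || echo "WARNING: server.jms.mutualAuth is not set to true"
fi
```

The same property_is_true check can be pointed at each agent's installed.properties (locked/agent.mutual_auth) and each relay's agentrelay.properties (agentrelay.jms_proxy.secure and agentrelay.jms_proxy.mutualAuth) to confirm the whole chain is configured.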