Configuring Explicit-Trust Authentication With An Agent Manager - IBM Proventia Network Enterprise Scanner User Manual

Configuring Explicit-Trust Authentication with an Agent Manager

IBM Proventia Network Enterprise Scanner User Guide, Version 1.3

Introduction
By default, the SiteProtector Agent Manager and your agent use first-time trust authentication to establish a secure communication channel. If your environment requires a higher level of security, you can follow the procedures in this topic to set up explicit-trust authentication.

Note: First-time-trust authentication level is used by default. Using explicit-trust authentication is optional.

Prerequisite
Make sure your agent is not registered with the SiteProtector system before you continue.

Task overview
Configuring explicit-trust authentication with an Agent Manager is a four-task process:

| Task | Description |
| --- | --- |
| Task 1: Clearing first-time-trust certificates | With first-time-trust, server certificates are stored in a directory on the Enterprise Scanner agent the first time a connection is made between the agent and the Agent Manager. You must remove those certificates before you can use explicit-trust authentication. Note: If the agent has never established communication with the Agent Manager, skip Task 1. |
| Task 2: Copying the Agent Manager certificate | You must manually copy the Agent Manager's certificate to a specific location on the agent for explicit-trust to work. |
| Task 3: Editing the local properties file | The communications modules for the appliance read their authentication configuration from a file, and you must change that file to identify the certificate used for explicit-trust authentication. |
| Task 4: Enabling explicit-trust authentication | You must register with the Agent Manager, specify explicit-trust authentication, and reboot the agent. |

Table 12: Tasks for configuring explicit-trust authentication with an Agent Manager

Task 1: Clearing first-time-trust certificates
To clear first-time-trust certificates:
1. Locate the /var/spool/crm/leafcerts directory on the appliance.
2. If this directory is empty, go to Task 2.
   Note: The directory is empty if the agent has not registered with the SiteProtector system.
3. Optionally, copy the entire crm folder to a local location to make a backup of it.
4. Delete the contents of the leafcerts folder on the appliance.

Task 2: Copying the Agent Manager certificate
To copy the Agent Manager's certificate:
1. Locate the computer that hosts your SiteProtector Agent Manager, and then locate the folder where the Agent Manager is installed.
   Note: The default location is C:\Program Files\ISS\SiteProtector\Agent Manager.
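
The Task 1 steps (clearing first-time-trust certificates) as a guarded shell function, added here as an example and not taken from the IBM manual. The /var/spool/crm path comes from the page; the function names, exit codes and the backup directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the IBM manual: Task 1 (steps 1-4) as one function.
# /var/spool/crm is the path the manual gives; the backup directory is a
# hypothetical location chosen by the operator.
# Usage: clear_leafcerts /var/spool/crm /root/crm-backup

leaf_is_empty() { [ -z "$(ls -A "$1")" ]; }

clear_leafcerts() {
    crm_dir=${1:-/var/spool/crm}
    backup_dir=${2:-}                 # empty = skip the optional backup
    leaf="$crm_dir/leafcerts"

    # Step 1: locate the directory; refuse a symlink so the delete below
    # cannot be redirected to some other directory.
    if [ ! -d "$leaf" ] || [ -L "$leaf" ]; then
        echo "leafcerts not found (or is a symlink): $leaf" >&2
        return 2
    fi

    # Step 2: an empty directory means the agent never registered.
    if leaf_is_empty "$leaf"; then
        echo "leafcerts is empty, continue with Task 2"
        return 0
    fi

    # Step 3 (optional): back up the whole crm folder, readable by owner only.
    if [ -n "$backup_dir" ]; then
        archive="$backup_dir/crm-backup-$(date +%Y%m%d%H%M%S).tar"
        ( umask 077
          mkdir -p "$backup_dir" &&
          tar -cf "$archive" -C "$(dirname "$crm_dir")" "$(basename "$crm_dir")"
        ) || { echo "backup failed, nothing deleted" >&2; return 3; }
        echo "backup written to $archive"
    fi

    # Step 4: delete the contents but keep the leafcerts directory itself.
    echo "removing cached first-time-trust certificates:"
    ls -A "$leaf"
    ( cd "$leaf" && find . ! -name . -prune -exec rm -rf -- {} + ) || return 4

    # Confirm no cached certificate is left behind.
    leaf_is_empty "$leaf" || { echo "leafcerts not empty after delete" >&2; return 4; }
    echo "leafcerts cleared"
}
```

The deletion only runs after the backup, if one was requested, has succeeded, and the printed file list gives a record of which cached certificates were removed.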