IBM Proventia Network Enterprise User Manual - page 35
IBM Proventia Network Enterprise Scanner User Guide, Version 1.3
Configuring Explicit-Trust Authentication with an Agent Manager
Introduction
By default, the SiteProtector Agent Manager and your agent use first-time trust
authentication to establish a secure communication channel. If your environment requires
a higher level of security, you can follow the procedures in this topic to set up
explicit-trust authentication.
Note: First-time-trust authentication level is used by default. Using explicit-trust
authentication is optional.
Prerequisite
Make sure your agent is not registered with the SiteProtector system before you continue.
Task overview
Configuring explicit-trust authentication with an Agent Manager is a four-task process, summarized in Table 12.
Task 1: Clearing first-time-trust certificates
To clear first-time-trust certificates:
1. Locate the /var/spool/crm/leafcerts directory on the appliance.
2. If this directory is empty, go to Task 2.
   Note: The directory is empty if the agent has not registered with the SiteProtector system.
3. Optionally, copy the entire crm folder to a local location to make a backup of it.
4. Delete the contents of the leafcerts folder on the appliance.
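The four steps of Task 1 as a shell function, added here as an example and not taken from the IBM guide. It assumes shell access to the appliance with GNU find and cp available; the function name clear_leafcerts and the backup destination are hypothetical.

```shell
#!/bin/sh
# Added example, not from the IBM guide. /var/spool/crm is the path the guide
# names; the function name and the backup destination are assumptions.

# clear_leafcerts CRM_DIR [BACKUP_DIR]
# Prints "empty" when there is nothing to clear, or "cleared N" after removing
# N top-level entries. Returns 1 on error.
clear_leafcerts() {
    crm_dir=${1:-/var/spool/crm}
    backup_dir=$2
    leaf_dir=$crm_dir/leafcerts

    # Step 1: locate the leafcerts directory.
    if [ ! -d "$leaf_dir" ]; then
        echo "error: $leaf_dir not found" >&2
        return 1
    fi

    # Step 2: an empty directory means the agent never registered, so there
    # are no first-time-trust certificates to remove. Continue with Task 2.
    count=$(find "$leaf_dir" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "empty"
        return 0
    fi

    # Step 3 (optional): back up the entire crm folder before deleting.
    # Stop if the backup fails, so nothing is deleted without a copy.
    if [ -n "$backup_dir" ]; then
        mkdir -p "$backup_dir" || return 1
        cp -Rp "$crm_dir" "$backup_dir/" || return 1
    fi

    # Step 4: delete the contents of leafcerts (hidden files included) but
    # keep the directory itself, as the guide describes.
    find "$leaf_dir" -mindepth 1 -delete || return 1
    echo "cleared $count"
}

# Example call on the appliance (backup path is a placeholder):
#   clear_leafcerts /var/spool/crm /path/to/backup
```

The function only deletes after the backup copy succeeds, and it reports how many entries it removed so the change can be recorded.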
Task 2: Copying the Agent Manager certificate
To copy the Agent Manager's certificate:
1. Locate the computer that hosts your SiteProtector Agent Manager, and then locate the
folder where the Agent Manager is installed.
   Note: The default location is C:\Program Files\ISS\SiteProtector\Agent Manager.
Task | Description
Task 1: Clearing first-time-trust certificates | With first-time-trust, server certificates are stored in a directory on the Enterprise Scanner agent the first time a connection is made between the agent and the Agent Manager. You must remove those certificates before you can use explicit-trust authentication. Note: If the agent has never established communication with the Agent Manager, skip Task 1.
Task 2: Copying the Agent Manager certificate | You must manually copy the Agent Manager's certificate to a specific location on the agent for explicit-trust to work.
Task 3: Editing the local properties file | The communications modules for the appliance read their authentication configuration from a file, and you must change that file to identify the certificate used for explicit-trust authentication.
Task 4: Enabling explicit-trust authentication | You must register with the Agent Manager, specify explicit-trust authentication, and reboot the agent.
Table 12: Tasks for configuring explicit-trust authentication with an Agent Manager