Set Up Server Authentication on Agents

To establish server authentication on agents, you must create an agent truststore that contains the root certificate for the authority that signed the Controller's certificate.

For each authorized agent:

  1. Obtain one of the following root certificates:
    • The root certificate for the publicly known certificate authority (CA) that signed the certificate for your on-premises Controller.
    • The root certificate for the internal CA that signed the Controller certificate for your on-premises Controller.
  2. Run the Java keytool command to create the agent truststore:
    keytool -import -alias rootCA -file /usr/home/appdynamics/DigicertGlobalRootCA.pem -keystore cacerts.jks -storepass MySecurePassnword
    Note: Record the truststore password. You need it later to configure the authorized agent.
  3. Install the Agent truststore to the agent configuration directory:
    <authorized_agent_home>/conf/
  4. Specify the following properties in the <agent-home>/conf/controller-info.xml file:
    • <controller-ssl-enabled>true</controller-ssl-enabled>
    • <controller-port>8181</controller-port>
    • <controller-keystore-filename>cacerts.jks</controller-keystore-filename>
    • <controller-keystore-password>MySecurePassnword</controller-keystore-password>
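
The following added example (not part of the product documentation) audits an agent conf directory for the four settings above. It assumes the properties are direct children of the controller-info.xml root element; the sample files are constructed, and the world-readable check is an added hardening assumption because the truststore password is stored in this file in plain text.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

TEMPLATE = """<controller-info>
  <controller-ssl-enabled>{ssl}</controller-ssl-enabled>
  <controller-port>8181</controller-port>
  <controller-keystore-filename>cacerts.jks</controller-keystore-filename>
  <controller-keystore-password>{password}</controller-keystore-password>
</controller-info>
"""

def make_sample_conf(conf_dir, ssl="true", password="constructed-sample",
                     with_store=True, mode=0o600):
    """Write a constructed controller-info.xml and an empty truststore stand-in."""
    path = os.path.join(conf_dir, "controller-info.xml")
    with open(path, "w") as fh:
        fh.write(TEMPLATE.format(ssl=ssl, password=password))
    os.chmod(path, mode)
    if with_store:
        open(os.path.join(conf_dir, "cacerts.jks"), "wb").close()

def audit_agent_conf(conf_dir):
    """Return a list of findings for <conf_dir>/controller-info.xml."""
    info_path = os.path.join(conf_dir, "controller-info.xml")
    root = ET.parse(info_path).getroot()
    def prop(name):
        return (root.findtext(name) or "").strip()
    findings = []
    if prop("controller-ssl-enabled").lower() != "true":
        findings.append("controller-ssl-enabled is not true")
    store = prop("controller-keystore-filename")
    if not store:
        findings.append("controller-keystore-filename is not set")
    elif not os.path.isfile(os.path.join(conf_dir, store)):
        findings.append("truststore %s not found in conf directory" % store)
    if not prop("controller-keystore-password"):
        findings.append("controller-keystore-password is not set")
    # Assumption: the file should not be world-readable (plain-text password).
    if stat.S_IMODE(os.stat(info_path).st_mode) & stat.S_IROTH:
        findings.append("controller-info.xml is world-readable")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        make_sample_conf(good)
        make_sample_conf(bad, ssl="false", password="", with_store=False, mode=0o644)
        print("good:", audit_agent_conf(good), "\nbad:", audit_agent_conf(bad))
```

The audit only confirms that the truststore file is present. To confirm that it holds the root certificate, run keytool -list against cacerts.jks with the truststore password and check for the rootCA alias as a trustedCertEntry.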