This article provides step-by-step instructions for obtaining an agent-cert.ssl remotely via CLI (command line interface) commands from a Unix-based machine. The agent-cert.ssl is stored by the DCS (Data Center Security) Agent in a local JRE trust store and is used for Agent to DCS Manager communication.
Release : 6.5+
Component : Data Center Security (DCS) Agent - Trusted Keystore
System Requirements: OpenSSL & Terminal Access
This "remote" method of gathering the agent-cert.ssl is an effective way of obtaining SSL trust between the DCS Agent and its corresponding DCS Manager. It may also be employed to test/validate communication between an Agent and Manager where SSL-offloading or "passthrough" is being deployed on either a reverse proxy or an outbound proxy.
Execute the following command from terminal:
openssl s_client -showcerts -connect <FQDN or HOSTNAME of Manager>:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >agent-cert.ssl
For example:
openssl s_client -showcerts -connect DCSMANAGER:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >agent-cert.ssl
Note: If the above command is successful, the agent-cert.ssl will be populated with either the self-signed or root certificate of the Manager. If you are using a port other than the default 443 for Agent communication, replace "443" with the assigned port.
Confirm that the agent-cert.ssl was properly populated with a command like:
cat agent-cert.ssl
Note: A proper certificate will display "BEGIN CERTIFICATE" and "END CERTIFICATE" within the output of the above command.
Follow the published sisipsconfig Tool commands to add the updated agent-cert.ssl to the Agent's trusted certificate store.
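Before the import step, the fetched file can be checked more strictly than with cat. The script below is an added example, not part of the DCS tooling or the original article: it parses agent-cert.ssl with OpenSSL, rejects an empty or expired file, prints the subject and issuer, and optionally compares the SHA-256 fingerprint. The function names and the expected fingerprint (assumed to be read out of band, for example on the Manager itself) are assumptions.

```shell
#!/bin/sh
# Added example: validate a fetched agent-cert.ssl before importing it.
# Function names and the out-of-band fingerprint are assumptions, not DCS tooling.

# Lower-case hex SHA-256 fingerprint of a PEM certificate, colons removed.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# check_agent_cert FILE [EXPECTED_SHA256]
# Returns 0 = usable, 1 = not a certificate, 2 = expired, 3 = fingerprint mismatch.
check_agent_cert() {
    cert=$1
    expected=$(printf '%s' "${2:-}" | tr -d ': ' | tr 'A-F' 'a-f')

    # A failed s_client connection leaves an empty file behind, so parse the
    # file rather than only looking for the BEGIN/END markers.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert does not contain a parseable PEM certificate" >&2
        return 1
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate in $cert has expired" >&2
        return 2
    fi
    # Show who the certificate names, so a proxy's certificate is noticed.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate
    actual=$(cert_fingerprint "$cert")
    echo "sha256=$actual"
    if [ -n "$expected" ] && [ "$actual" != "$expected" ]; then
        echo "FAIL: fingerprint differs from the expected value" >&2
        return 3
    fi
    return 0
}

# Constructed sample input: a throwaway self-signed certificate for offline trial.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=DCSMANAGER" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Usage: sh check_cert.sh agent-cert.ssl [expected-sha256]
if [ "$#" -gt 0 ]; then
    check_agent_cert "$@"
fi
```

Where SSL-offloading is in place, the subject and issuer lines show whether the certificate belongs to the Manager or to the proxy in front of it.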