Automic Workload Automation

Hi,

we are currently testing version 12.3. We encountered some problems with CAPKI.

We want to use our own certificats and to separate them for agents and AE. The agent certificate should only be used to access the agent ServiceManager but not the AE. The AE (and their ServiceManagers in turn) should be able to access both the AE and the agents.

For this purpose, we have placed the Agent and AE certificates in the trusted folder of the Agent ServiceManager. Unfortunately, the ServiceManager only checks one of the two certificates at a time, so that you can either connect to the CLI of the agent or the server. But according to the documentation this should work: "To enable certificate validation, you have to create a folder that contains all certificates that the component should consider as trusted".

Has anyone successfully used CAPKI with multiple trusted certificates?

Best Regards
Tim

------------------------------
Automation Evangelist
Fiducia & GAD IT AG
---
Mitglied des deutschsprachigen Automic-Anwendervereins FOKUS e.V.
Member of the German speaking Automic user association FOKUS e.V.
------------------------------

"Has anyone successfully used CAPKI with multiple trusted certificates?"

Ich bezweifele, dass jemals irgendjemand CAPKI vernünftig zum laufen bekommen hat, bei der Doku....

------------------------------
IT-System Engineer / Automic Administration
HanseMerkur
------------------------------

Original Message:
Sent: 09-04-2019 02:56 AM
From: Tim Quakulinsky
Subject: Problem with CAPKI with multiple trusted certificates

Hi,

we are currently testing version 12.3. We encountered some problems with CAPKI.

We want to use our own certificats and to separate them for agents and AE. The agent certificate should only be used to access the agent ServiceManager but not the AE. The AE (and their ServiceManagers in turn) should be able to access both the AE and the agents.

For this purpose, we have placed the Agent and AE certificates in the trusted folder of the Agent ServiceManager. Unfortunately, the ServiceManager only checks one of the two certificates at a time, so that you can either connect to the CLI of the agent or the server. But according to the documentation this should work: "To enable certificate validation, you have to create a folder that contains all certificates that the component should consider as trusted".

Has anyone successfully used CAPKI with multiple trusted certificates?

Best Regards
Tim

------------------------------
Automation Evangelist
Fiducia & GAD IT AG
---
Mitglied des deutschsprachigen Automic-Anwendervereins FOKUS e.V.
Member of the German speaking Automic user association FOKUS e.V.
------------------------------

Hi,

i am facing the same issue like you had descibed. If i place only one certificate in the truststore everything is working fine.
But if two certificates are present in the trusstore only one certifcate can be used for authentication.

Best regards,
Bastian
Original Message:
Sent: 09-04-2019 02:56 AM
From: Tim Quakulinsky
Subject: Problem with CAPKI with multiple trusted certificates

Hi,

we are currently testing version 12.3. We encountered some problems with CAPKI.

We want to use our own certificats and to separate them for agents and AE. The agent certificate should only be used to access the agent ServiceManager but not the AE. The AE (and their ServiceManagers in turn) should be able to access both the AE and the agents.

For this purpose, we have placed the Agent and AE certificates in the trusted folder of the Agent ServiceManager. Unfortunately, the ServiceManager only checks one of the two certificates at a time, so that you can either connect to the CLI of the agent or the server. But according to the documentation this should work: "To enable certificate validation, you have to create a folder that contains all certificates that the component should consider as trusted".

Has anyone successfully used CAPKI with multiple trusted certificates?

Best Regards
Tim

------------------------------
Automation Evangelist
Fiducia & GAD IT AG
---
Mitglied des deutschsprachigen Automic-Anwendervereins FOKUS e.V.
Member of the German speaking Automic user association FOKUS e.V.
------------------------------