Hi Ankit,
If you use CAU to upgrade the agents (as mentioned above), then the server (JCP) certificate will be transfered to the agents and the ini file configured accordingly to use this certificate. This is the best option when using self-signed certificates.
If your server certificate is signed by a company/internal or public CA, then it is enough to install the root/intermediate certificates of the CA in the Windows certmgr (see screenshot), Unix OS store (depends on the platform, could be /etc/ssl/certs or /etc/pki/tls/certs for example) and Java cacerts keystore (with a tool like KeystoreExplorer for example - see sccreenshot). In this case, you don't need to change the agents ini file since they are able to load the certificates from these stores. As above mentioned, be aware if you have multiple Java installations which one(s) are used by the agents. To be sure, you can install the certificates in the Java cacerts keystore for all Java versions.
The documentation TLS entry page should also point you in the right direction if you need more information https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/21.0.5/Automic%20Automation%20Guides/Content/_Common/Security/Security_TLS.htm.
Hope this helps,
Oana
Original Message:
Sent: Mar 22, 2023 10:03 AM
From: Ankit Kumar
Subject: How can I deploy TLS certificate automatically in agents while upgrading agents from v12.3 to v21?
Hi,
we have 25 v12.3 agents running in our environment and we have to upgrade it to v21.0.5 version.
But our main concern is TLS certificate, how can we deploy the TLS certificate automatically in Agents because it is compulsory in V21.
Thanks,
Ankit