13.2.4. Procedure – Configuring SSL handshake parameters for agents

With the SSL handshake settings (SSL) parameter you can set certificate verification parameters for the agent and other handshake-related information to be used between the agent and the MS.

  1. Select verification level in the Verify depths field to decide how many levels are verified in the certificate hierarchy.

    Values from 0 to 100 are allowed.

  2. Choose Groups or Advanced with the radio buttons.

    Note

    You are recommended to use the PKI groups configuration.

    1. In Groups settings select the certificate entity for the agent.

      For example: MS_engine.

      If you open the Certificate selector window you can see the unique identifier of the MS host and also certificate information, such as version, serial number, issue date and validity period, algorithms and keys.

      Tip

      This information is useful when selecting which certificate to use.

    2. Select engine validator CA group.

      For example: MS_engine_CA.

      If you open the CA group selector window you can define the CA group which is used to verify the certificate of the agents during the handshake. Data is available on CA group name, certificate name and certificate information for the selected CA groups.

      OR

    3. In Advanced settings enter manually the following data.

      • full path of the file where the private key is stored,

      • certificate,

      • CA directory identifying the directory where the CA certificate entities are stored,

      • and CRL directory giving the place of the CRLs corresponding to the CA

        screenshot

      Advanced settings of SSL connection parameters

      Figure 13.19. Advanced settings of SSL connection parameters