4.2.2.1. Procedure – Encrypting the communication between PNS and the Authentication Agent on Linux platforms
Steps:

1. Create a CA (for example, AA_CA) using the Management Console (MC). This CA will be used to sign the certificates shown by the PNS firewalls to the Authentication Agents.

2. Export the CA certificate into PEM format.

3. Generate certificate request(s) for the PNS firewall(s) and sign it with the CA created in Step 1.

   Note: Each firewall shall have its own certificate. Do not forget to set the firewall as the Owner host of the certificate.

4. Distribute the certificates to the firewalls.

5. Install the Authentication Agent (AA) application to the workstations and import to each machine the CA certificate exported in Step 2.

   To import the CA certificate, complete the following steps:

   a. Create the /etc/auth-agent/ca directory:

      mkdir /etc/auth-agent/ca

   b. Copy the certificate exported into PEM format in Step 2 into the /etc/auth-agent/ca directory.

   c. Create symlinks to the certificate files by running the following command in the /etc/auth-agent/ca directory:

      c_rehash .

   d. Restart the auth-agent-mpxd service:

      systemctl restart auth-agent-mpxd.service

   The authentication client is now ready to accept encrypted connections from PNS.

6. Create the appropriate outband authentication policies in MC and reference them among the services of PNS. For details, see Chapter 15, Connection authentication and authorization in Proxedo Network Security Suite 2 Administrator Guide.
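The CA import sub-steps of Step 5 as a single shell function, added here as an example and not taken from the product documentation. The function name and the expected-fingerprint argument are assumptions of this example; the fingerprint comparison and the final hash-link check are extra safeguards on top of the documented steps.

```shell
#!/bin/sh
# Added example: import the exported CA certificate on an AA workstation.
# Usage: install_aa_ca SRC_PEM EXPECTED_SHA256 [CA_DIR]
# EXPECTED_SHA256 (hypothetical parameter) is the CA certificate's SHA-256
# fingerprint, obtained out of band from whoever exported it in Step 2.
install_aa_ca() {
    src=$1; want=$2; dir=${3:-/etc/auth-agent/ca}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # c_rehash only links files ending in .pem, .crt, .cer or .crl.
    case $src in
        *.pem|*.crt|*.cer) ;;
        *) echo "$src: unexpected file extension" >&2; return 1 ;;
    esac

    # Refuse anything that is not a parseable PEM certificate, or whose
    # fingerprint differs from the expected one.
    got=$(openssl x509 -in "$src" -noout -fingerprint -sha256) || return 1
    got=$(printf '%s' "${got#*=}" | tr -d ':' | tr 'a-f' 'A-F')
    want=$(printf '%s' "$want" | tr -d ':' | tr 'a-f' 'A-F')
    [ "$got" = "$want" ] || { echo "fingerprint mismatch" >&2; return 1; }

    # World-readable, root-writable trust directory and certificate file.
    mkdir -p "$dir" && chmod 755 "$dir" || return 1
    dst=$dir/$(basename "$src")
    cp "$src" "$dst" && chmod 644 "$dst" || return 1

    # Create the <subject-hash>.N symlinks; fall back to the built-in
    # "openssl rehash" where the c_rehash script is unavailable.
    c_rehash "$dir" >/dev/null 2>&1 || openssl rehash "$dir" || return 1

    # Confirm that a hash link really resolves to the file just installed.
    hash=$(openssl x509 -in "$dst" -noout -subject_hash) || return 1
    for link in "$dir/$hash".*; do
        cmp -s "$link" "$dst" 2>/dev/null && return 0
    done
    echo "no hash link found for $dst" >&2
    return 1
}
```

Run it as root on the workstation, then restart auth-agent-mpxd.service as described in the procedure.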
© 2021 BalaSys IT Security.