4.1.3. Configuring TLS connections on Microsoft Windows platforms

The Authentication Agent Multiplexer and PNS can communicate through a TLS-encrypted channel. For this, a certificate has to be available on the PNS firewall that PNS uses to authenticate the connection to the Authentication Agent Multiplexer. The Authentication Agent Multiplexer verifies this certificate using the certificate of the CA that issued PNS's certificate; therefore, the certificate of the CA has to be imported to the machine running the Authentication Agent.

Note
During authentication, when PNS communicates with AA, AA expects TLS-encrypted communication. To disable this and communicate without encryption (which is strongly against the recommendation, but useful for debugging purposes), set the TLS registry key to value '0'. For details on this parameter, see Section 4.1, Configuring Authentication Agent on Microsoft Windows platforms. Also see Procedure 3.1.1, Installing the Authentication Agent on Microsoft Windows.
Note

It is highly recommended to encrypt the communication between PNS and the Authentication Agent, because without encryption anyone can connect to the Authentication Agent Multiplexer, which results in authentication information being obtained by unauthorized people. It is essential to use encryption when password authentication is used. For details on encryption, see Procedure 3.1.1, Installing the Authentication Agent on Microsoft Windows.
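
The following PowerShell script is an added example, not part of the product documentation or tooling. It checks the CA certificate file before importing it and then reports whether the TLS setting described in the note above has been disabled. Assumptions: the certificate is imported into the machine-wide Trusted Root store, the setting is a value named TLS under the agent's registry key, and both paths are supplied by the administrator because this page does not state them.

```powershell
#Requires -RunAsAdministrator
# Added example. -AgentRegKey must be looked up in Section 4.1; it is not given on this page.
param(
    [Parameter(Mandatory)][string]$CaCertPath,   # file holding the certificate of the CA that issued PNS's certificate
    [Parameter(Mandatory)][string]$AgentRegKey,  # registry key holding the Authentication Agent settings
    [string]$Store = 'Cert:\LocalMachine\Root'   # assumption: machine-wide Trusted Root store
)
$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'

# 1. Inspect the file before trusting it: it must be a CA certificate and currently valid.
$file  = (Resolve-Path $CaCertPath).Path
$ca    = New-Object "$x509.X509Certificate2" -ArgumentList $file
$bcRaw = $ca.Extensions['2.5.29.19']             # basicConstraints extension
if (-not $bcRaw) { throw 'No basicConstraints extension: this is not a CA certificate.' }
$bc = New-Object "$x509.X509BasicConstraintsExtension" -ArgumentList $bcRaw, $bcRaw.Critical
if (-not $bc.CertificateAuthority) { throw 'basicConstraints CA flag is false: this is not a CA certificate.' }
$now = Get-Date
if ($now -lt $ca.NotBefore -or $now -gt $ca.NotAfter) {
    throw "CA certificate is outside its validity period ($($ca.NotBefore) .. $($ca.NotAfter))."
}
Write-Host "Subject:    $($ca.Subject)"
Write-Host "Thumbprint: $($ca.Thumbprint)  (compare with the value obtained from the CA out of band)"

# 2. Import the CA certificate unless the same thumbprint is already in the store.
if (Test-Path "$Store\$($ca.Thumbprint)") {
    Write-Host "Already present in $Store"
} else {
    Import-Certificate -FilePath $file -CertStoreLocation $Store | Out-Null
    Write-Host "Imported into $Store"
}

# 3. Report the TLS setting: '0' means the agent accepts unencrypted connections.
$tls = (Get-ItemProperty -Path $AgentRegKey -Name 'TLS' -ErrorAction SilentlyContinue).TLS
if ($null -eq $tls) {
    Write-Warning "No TLS value found under $AgentRegKey; check the key location in Section 4.1."
} elseif ($tls -eq 0) {
    Write-Warning 'TLS is set to 0: encryption is disabled. Use this for debugging only.'
} else {
    Write-Host "TLS = $tls (encryption not disabled)"
}
```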