4.2.2.1. Procedure – Encrypting the communication between Zorp and the Zorp Authentication Agent on Linux platforms

Steps: 

  1. Create a CA (for example, AA_CA) using the Zorp Management Console (ZMC). This CA will be used to sign the certificates shown by the Zorp firewalls to the Authentication Agents.

  2. Export the CA certificate into PEM format.

  3. Generate certificate request(s) for the Zorp firewall(s) and sign them with the CA created in Step 1.

    Note

    Each firewall shall have its own certificate. Do not forget to set the firewall as the Owner host of the certificate.

  4. Distribute the certificates to the firewalls.

  5. Install the Zorp Authentication Agent (ZAA) application on the workstations and import the CA certificate exported in Step 2 to each machine.

    To import the CA certificate, complete the following steps:

    1. Create the /etc/satyr/ca directory:

      mkdir /etc/satyr/ca

    2. Copy the PEM-format certificate exported in Step 2 into the /etc/satyr/ca directory.

    3. Change to the /etc/satyr/ca directory and create the hash symlinks that OpenSSL uses to look up the certificate files:

      cd /etc/satyr/ca
      c_rehash .

    4. Restart the Zorp Authentication Agent Multiplexer daemon:

      systemctl restart satyr-mpxd.service

      The authentication client is now ready to accept encrypted connections from Zorp.

  6. Create the appropriate outband authentication policies in ZMC and reference them from the Zorp services. For details, see Chapter 15, Connection authentication and authorization in Zorp Professional 7 Administrator Guide.
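The following script is an added example, not part of the Zorp documentation or the ZAA package: it reproduces what Step 5 does on the client side (copy the CA PEM into the trust directory and create the subject-hash symlink that c_rehash would create), and then checks that a firewall certificate signed by that CA actually verifies against the directory. It assumes openssl is installed; the CA name AA_CA, the firewall name zorp-fw1 and the scratch directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: ZAA-style CA trust directory setup and verification with plain openssl.
set -eu

# Construct a throwaway CA ("AA_CA") and a firewall certificate signed by it,
# mirroring Steps 1 and 3 of the procedure. DIR is a scratch directory.
make_demo_pki() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=AA_CA \
    -keyout "$dir/ca.key" -out "$dir/AA_CA.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj /CN=zorp-fw1 \
    -keyout "$dir/fw1.key" -out "$dir/fw1.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$dir/fw1.csr" -CA "$dir/AA_CA.pem" \
    -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/fw1.pem" 2>/dev/null
}

# Copy the PEM CA certificate into CA_DIR and create the <subject_hash>.0 symlink
# that c_rehash would create. OpenSSL -CApath lookups (and therefore the
# authentication agent's trust check) only find a CA through these hash links.
# Prints the subject hash so the caller can locate the link.
install_ca_cert() {
  ca_pem=$1
  ca_dir=$2
  mkdir -p "$ca_dir"
  cp "$ca_pem" "$ca_dir/"
  hash=$(openssl x509 -in "$ca_pem" -noout -subject_hash)
  ln -sf "$(basename "$ca_pem")" "$ca_dir/$hash.0"
  echo "$hash"
}

# Return 0 when CERT chains to a CA found in CA_DIR, non-zero otherwise.
# -no-CAfile keeps the system CA bundle out of the check so only CA_DIR counts.
verify_against_ca_dir() {
  cert=$1
  ca_dir=$2
  openssl verify -no-CAfile -CApath "$ca_dir" "$cert" >/dev/null 2>&1
}

# Usage on a real client: install_ca_cert /path/to/AA_CA.pem /etc/satyr/ca
#                          verify_against_ca_dir /path/to/firewall-cert.pem /etc/satyr/ca
```

Running the check before and after install_ca_cert shows why the c_rehash step is not optional: with only the PEM file copied into the directory, the firewall certificate does not verify.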