Setting Up SSL/TLS Communication with an Agent

This procedure describes how to set up SSL/TLS communication with a Control-M/Agent deployed in a Kubernetes cluster. You perform this procedure using Control-M Automation API commands.

Use this same procedure when you need to update the Agent certificate.

Before You Begin

  • Ensure that your computer contains the Certificate Authority (CA) that signs certificate requests from the Agent.

    This CA must be the same one that signs certificate requests from Control-M/Server, as described in Generating a Signed Certificate.

  • To run Control-M Automation API commands on the same computer, ensure that you have set up Control-M Automation CLI, as described in Control-M Automation API Installation.

Begin

  1. Deploy a Control-M/Agent to the Kubernetes cluster, as described in Deploying Agents Using a Helm Chart.

  2. Create a Certificate Signing Request (CSR) for the deployed Agent by running the following config server:agent:csr::create command:

    ctm config server:agent:csr::create <server> <agent> -f <configuration file>

    where the configuration file contains the following parameters:

    {  
       "organization": "example_organization",  
       "organizationUnit": "example_unit",  
       "cityLocality": "example_city",  
       "stateProvince": "example_state",  
       "country": "CO",  
       "emailAddress": "user@example.com"
    }

    The CSR file is created in PEM format.

  3. Get your organization's certificate authority (CA) to sign the CSR that you created in the previous step.

  4. Deploy the signed certificate to the Agent by running the following config server:agent:crt::deploy command:

    ctm config server:agent:crt::deploy <server> <agent> <crt_filepath> <ca_chain_filepath>

    For example:

    ctm config server:agent:crt::deploy Server1 Agent1 /path/signed_cert.pem /path/ca_chain.pem

  5. Recycle the Agent by running the following config item::recycle command:

    ctm config item::recycle CTMS:Agent:<server>:<agent>

    For example:

    ctm config item::recycle CTMS:Agent:Server1:Agent1

  6. Check that the Agent recycle has completed and the Agent is available by running the following config server:agent::ping command:

    ctm config server:agent::ping <server> <agent>

  7. Set SSL/TLS communication between the Control-M/Server and Agent by running the following config server:agent::update command:

    ctm config server:agent::update <server> <agent> sslState Enabled
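
Between steps 3 and 4 it is worth confirming that the file returned by the CA really is the certificate for the CSR you submitted and that it verifies against the chain you are about to deploy. The following script is an added example, not part of the original procedure or of Control-M; it assumes OpenSSL is installed, and the function names and file names (agent.csr, signed_cert.pem, ca_chain.pem) are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. File names are assumptions.

# Return 0 only if the signed certificate carries the CSR's public key and
# verifies against the CA chain (the two files passed to crt::deploy).
check_agent_cert() {
  csr_file=$1; crt_file=$2; chain_file=$3
  csr_key=$(openssl req -in "$csr_file" -noout -pubkey 2>/dev/null) || return 2
  crt_key=$(openssl x509 -in "$crt_file" -noout -pubkey 2>/dev/null) || return 2
  if [ "$csr_key" != "$crt_key" ]; then
    echo "FAIL: certificate public key does not match the CSR" >&2
    return 1
  fi
  if ! openssl verify -CAfile "$chain_file" "$crt_file" >/dev/null 2>&1; then
    echo "FAIL: certificate does not verify against the CA chain" >&2
    return 1
  fi
  # Show who the certificate was issued to and when it expires.
  openssl x509 -in "$crt_file" -noout -subject -issuer -enddate
}

# Constructed sample: a throwaway CA, key, CSR and certificate written to $1.
# In the real procedure the CSR comes from csr::create and your CA signs it.
make_constructed_sample() {
  out_dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$out_dir/ca.key" -out "$out_dir/ca_chain.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/O=example_organization/CN=Agent1" \
    -keyout "$out_dir/agent.key" -out "$out_dir/agent.csr" 2>/dev/null &&
  openssl x509 -req -in "$out_dir/agent.csr" -CA "$out_dir/ca_chain.pem" \
    -CAkey "$out_dir/ca.key" -CAcreateserial -days 1 \
    -out "$out_dir/signed_cert.pem" 2>/dev/null
}

# With three arguments, check those files; otherwise run on the sample.
if [ "$#" -eq 3 ]; then
  check_agent_cert "$@"
else
  demo_dir=$(mktemp -d) && make_constructed_sample "$demo_dir" &&
    check_agent_cert "$demo_dir/agent.csr" "$demo_dir/signed_cert.pem" "$demo_dir/ca_chain.pem"
  rm -rf "$demo_dir"
fi
```

A return code of 1 means the certificate should not be deployed; 2 means one of the input files could not be parsed as PEM.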