Request certificates automatically


Nodes that you manage with HTTPS agents require certificates. Certificates enable nodes to communicate securely with the management server and other nodes.

When you deploy an HTTPS agent to a node using the console, the node requests certificates automatically from the management server. The node encrypts the certificate request using a key that is embedded in the agent software. This is more secure than sending the request unencrypted, but does not provide full security.

The request must then be granted on the management server. You can configure the management server to grant requests automatically, or you can grant them manually. After the request is granted, the management server sends the certificates to the node. If the management server denies the certificate request, you can send another request using the following command on the managed node:

ovcert -certreq

In a highly secure environment, you should disable automatic certificate requests. Do this by setting the certificate deployment type to manual in the HTTPS agent installation defaults. You then need to either request the certificates with an installation key or deploy the certificates manually.
