Downloading certificates using a different user

Procedure to download and deploy certificates from the master domain manager to agents using a user other than the one that installed the master domain manager.

About this task

To define a user other than the one that installed the master domain manager, perform the following steps:

Procedure

  1. Browse to the authentication_config.xml file located in:
    On UNIX operating systems
    TWA_DATA_DIR/usr/servers/engineServer/configDropins/overrides
    On Windows operating systems
    TWA_home\usr\servers\engineServer\configDropins\overrides
  2. Create a backup copy of the file in a different directory, then add the new user and password to the file in the overrides directory.
  3. Create a new role for the user, as follows:
    composer new srol
    SECURITYROLE DOWNLOAD_CERT_SROLE
    FILE DISPLAY
    END
  4. Create a new domain for the user, as follows:
    composer new sdom
    SECURITYDOMAIN DOWNLOAD_DOMAIN
    FILE NAME="AGENT_CERTIFICATE"
    END
  5. Create a new access control list for the user, as follows:
    composer new acl
    ACCESSCONTROLLIST FOR DOWNLOAD_DOMAIN
    other_user DOWNLOAD_CERT_SROLE
    END
    where other_user is the user added to authentication_config.xml.

    You can now use other_user, which has only DISPLAY access on the AGENT_CERTIFICATE file through the DOWNLOAD_CERT_SROLE role, to run the AgentCertificateDownload script and download and deploy the certificate.

    You can also perform the same operations from the Dynamic Workload Console, as described in Managing Workload Security.
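
A least-privilege check for the definitions created in steps 3 to 5, as an added example that is not part of the product or its documentation. It assumes the three definitions have been saved to one text file in exactly the form shown above; the function names and the sample text are constructed for illustration.

```python
# Constructed sample: the role, domain and ACL from steps 3-5 in one text file.
SAMPLE = """\
SECURITYROLE DOWNLOAD_CERT_SROLE
FILE DISPLAY
END
SECURITYDOMAIN DOWNLOAD_DOMAIN
FILE NAME="AGENT_CERTIFICATE"
END
ACCESSCONTROLLIST FOR DOWNLOAD_DOMAIN
other_user DOWNLOAD_CERT_SROLE
END
"""

def parse_definitions(text):
    """Split the text into (keyword, name, body_lines) blocks closed by END."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line:
            continue
        if current is None:                   # header line opens a block
            keyword, _, name = line.partition(" ")
            current = (keyword, name.removeprefix("FOR ").strip(), [])
        elif line == "END":
            blocks.append(current)
            current = None
        else:
            current[2].append(line)
    return blocks

def audit(text, user, role="DOWNLOAD_CERT_SROLE", domain="DOWNLOAD_DOMAIN"):
    """Return findings; an empty list means the user can only DISPLAY
    the AGENT_CERTIFICATE file, as the procedure intends."""
    findings, granted = [], False
    for keyword, name, body in parse_definitions(text):
        if keyword == "SECURITYROLE" and name == role and body != ["FILE DISPLAY"]:
            findings.append(f"role {name} is not limited to FILE DISPLAY: {body}")
        elif keyword == "SECURITYDOMAIN" and name == domain \
                and body != ['FILE NAME="AGENT_CERTIFICATE"']:
            findings.append(f"domain {name} is not limited to AGENT_CERTIFICATE: {body}")
        elif keyword == "ACCESSCONTROLLIST":
            for entry in body:
                who, *roles = entry.split()
                if who != user:
                    continue
                if name == domain and roles == [role]:
                    granted = True
                else:                         # same user, wider or other grant
                    findings.append(f"{user} holds {roles} in domain {name}")
    if not granted:
        findings.append(f"{user} has no entry for {role} in {domain}")
    return findings
```

An empty result from audit(SAMPLE, "other_user") confirms that the download user is confined to the single role and domain created by this procedure.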