Downloading certificates using a different user
Procedure to download and deploy certificates from the master domain manager to agents using a user different from the user that installed the master domain manager.
About this task
To define a user different from the user that installed the master domain manager, perform the following steps:
Procedure
- Browse to the authentication_config.xml file located in:
  - On UNIX operating systems: TWA_DATA_DIR/usr/servers/engineServer/configDropins/overrides
  - On Windows operating systems: TWA_home\usr\servers\engineServer\configDropins\overrides
- Create a backup copy of the file in a different directory and add the new user and password to the file in the overrides directory.
- Create a new role for the user, as follows:
    composer new srol
    SECURITYROLE DOWNLOAD_CERT_SROLE FILE DISPLAY END
- Create a new domain for the user, as follows:
    composer new sdom
    SECURITYDOMAIN DOWNLOAD_DOMAIN FILE NAME="AGENT_CERTIFICATE" END
- Create a new access control list for the user, as follows:
    composer new acl
    ACCESSCONTROLLIST FOR DOWNLOAD_DOMAIN other_user DOWNLOAD_CERT_SROLE END
  where other_user is the user inserted into authentication_config.xml.
You can now use the other_user, which has only the DISPLAY role for file AGENT_CERTIFICATE, to run the AgentCertificateDownload script and download and deploy the certificate.
You can also perform the same operations from the Dynamic Workload Console, as described in Managing Workload Security.
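The procedure above relies on other_user holding only DISPLAY on the file AGENT_CERTIFICATE. The following check is an added example, not part of the product or its documentation. It audits a text copy of the three definitions for that least-privilege property. It assumes the definitions are in the single-line form shown in the steps and that ACL entries alternate user and comma-separated role list; the function names are hypothetical.

```python
import re

# Constructed sample: the three definitions from the procedure above.
SAMPLE = """
SECURITYROLE DOWNLOAD_CERT_SROLE FILE DISPLAY END
SECURITYDOMAIN DOWNLOAD_DOMAIN FILE NAME="AGENT_CERTIFICATE" END
ACCESSCONTROLLIST FOR DOWNLOAD_DOMAIN other_user DOWNLOAD_CERT_SROLE END
"""

_DEF = re.compile(
    r"\b(SECURITYROLE|SECURITYDOMAIN|ACCESSCONTROLLIST)\b(.*?)\bEND\b", re.S)


def parse(text):
    """Return {keyword: [token list per definition]} for KEYWORD ... END blocks."""
    defs = {}
    for keyword, body in _DEF.findall(text):
        defs.setdefault(keyword, []).append(body.split())
    return defs


def audit(text, user, role="DOWNLOAD_CERT_SROLE", domain="DOWNLOAD_DOMAIN"):
    """Return findings; an empty list means the user holds only the intended grant."""
    defs, findings, bound = parse(text), [], False
    roles = {t[0]: t[1:] for t in defs.get("SECURITYROLE", []) if t}
    domains = {t[0]: t[1:] for t in defs.get("SECURITYDOMAIN", []) if t}
    if roles.get(role) != ["FILE", "DISPLAY"]:
        findings.append(f"role {role} is {roles.get(role)}, expected FILE DISPLAY only")
    if domains.get(domain) != ["FILE", 'NAME="AGENT_CERTIFICATE"']:
        findings.append(f"domain {domain} is {domains.get(domain)}, expected one file")
    for acl in defs.get("ACCESSCONTROLLIST", []):
        if len(acl) < 4 or acl[0] != "FOR":
            findings.append(f"unrecognised ACL form: {acl}")
            continue
        acl_domain, entries = acl[1], acl[2:]
        # Assumption: entries alternate <user> <role[,role...]> as in the page's ACL.
        for name, granted in zip(entries[0::2], entries[1::2]):
            if name != user:
                continue
            for r in granted.split(","):
                if (acl_domain, r) == (domain, role):
                    bound = True
                else:
                    findings.append(f"{user} also holds {r} on {acl_domain}")
    if not bound:
        findings.append(f"{user} is not bound to {role} on {domain}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE, "other_user") or "least-privilege grant confirmed")
```

Any finding means the certificate-download user can do more than the procedure intends, or is missing the grant it needs.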