Authentication Certificates

Obtain a certificate from a trusted certificate authority (CA) or create your own self-signed certificate, and install the appropriate certificate in the Agentry Server and to the Agentry Clients.

You can increase or decrease the key lengths in the Agentry.ini file.

Minimum key exchange length: 512 bits
Minimum stream encryption algorithm length: 40 bits

Increasing the minimums can lock out any client devices that do not support the required key length.

The Agentry Client supports Agentry Server authentication. This allows the Agentry Client to authenticate the Agentry Server. To enable this feature, Agentry requires a server certificate either from a certificate authority or a self-signed certificate. SAP does not provide this certificate.

The Agentry Server supports Agentry Client authentication for Windows clients only. This allows the Agentry Server to authenticate each Agentry Client. To enable this feature, Agentry requires certificates for each of the Agentry Clients from a certificate authority or a self-signed certificate. SAP does not provide these certificates.

Authentication Certificate Creation for Agentry

The PFX file on the Agentry Server can be named any unique name. The SST file on the Agentry Client, however, must be named AgentryTrustedCertificates.sst.

Note: If the certificate installed on the Server is unknown to the client device (not in that device’s trusted root certificates), you must add the certificates to the Agentry Client by replacing the SST file with either a self-signed or a CA certificate.

Creating a Self-Signed Certificate Using OpenSSL
Create your own self-signed certificate using OpenSSL.
Creating CA Certificate for Agentry
Create a CA certificate using OpenSSL.
Generating a Certificate That is Signed by a Certificate Authority
Generate a certificate and have it signed by a Certificate Authority (CA).

Parent topic: Agentry Server Security