Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Current »


To change the Bastion certificate you need to edit your bastion.xml file located at:

Agat/Bastion/bastion.xml

In each listener you have configured you should look at the certificates tag:

  • caBundleFile - path to the certificate authority bundle file (in case that you want to use ssl from Bastion to  the published server)
  • caCertsDirPath - path to the certificate authority files (in case that you want to use ssl from Bastion to the published server)
  • ignoreUpstreamCertificatesErrors - whether or not published certificates should be verified
  • path - the certificate location that the Bastion will present to clients
  • privatekey - the private key location related to the certificate
  • intermediateCaChain - path to intermediate ca bundle file

You can configure the certificate in a few ways:

  • Use a .pfx file containing both the public and private key (in that case you do not need enter in privatekey tag)
  • Use seperate files for the certificate and the private key.
  • Use a certificate installed in your local machine certificate store (as shown in the picture). In that case you do not need to enter a value to the privatekey tag.
    The path should look as follows:

store:/LocalMachine/My/#667B3CC8ADF2B13BB9F4BF258F3232C337EE3389

         For the store name you can use:

  • LocalMachine
  • CurrentUser
  • CurrentService

         For each one of those you can use:

  • MY
  • ROOT
  • TRUST
  • CA

         # Marks that the following is thumbprint of the certificate found in the relevant store.
            You can find the thumbprint by opening the certificate and going to the details tab, there you should look for the Thumbprint field:

           

  • No labels