cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Not a customer? Start a free trial

Click the Start a free trial link to start a 15-day SaaS trial of our product and join our community as a trial user. If you are an existing customer do not start a free trial.

AppDynamics customers and established members should click the sign in button to authenticate.

Knowledge Base

How do I configure Synthetics for 2-way client certificates?

My two-way client certificates aren’t mutually authenticated

 

Problem

Configuring synthetics with client certificates can be challenging. In some cases, the synthetics agent runs as the user who installed it, while the web driver runs under the created user user_agent. When this happens, changes don’t have any impact on the browser.

 

Solution

To achieve mutual authentication with AppDynamics’ private synthetics agent, use the following two PowerShell scripts called from the actual Python code. 

NOTE: This process has been tested with Chrome Browser.

 

  1. Create a directory under the agent_user's directory, for example: C:\Users\agent_user\appd\)
  2. Create a script that will switch to the agent_user and execute the certificate import script.

$user = "agent_user"

$password = "xxxxxxx"

$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force

$mycreds = New-Object System.Management.Automation.PSCredential ($user, $secpasswd)

Start-Process powershell.exe -Credential $mycreds -NoNewWindow -ArgumentList "-noexit -command C:\Users\agent_user\appd\certificate.ps1" 

 

  1. Create the script that will actually configure the certificate.

    In this example, the certificate has been added under currentUser and into the user’s personal store. Other options include localMachine and AuthStore.

param([String]$certRootStore = "CurrentUser",[String]$certStore = "My",$pfxPass = "XXXXXXX")

Set-ExecutionPolicy RemoteSigned

Get-Process | Out-File -FilePath .\test.txt

$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2

$pfx.import("C:\Users\agent_user\appd\certificate.p12",$pfxPass,"PersistKeySet")

$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)

$store.open("MaxAllowed")

$store.add($pfx)

$store.close()

 

  1. Make sure that agent_user is listed as an administrator, so they have the permissions to import the certificate

  2. Finally, run PowerShell from the Python script

driver = webdriver.Chrome()

p = subprocess.Popen(["powershell.exe"," C:\\Users\\agent_user\\appd\\certificate.ps1"],stdout=sys.stdout)

p.communicate()

driver.get("https://domain.com")

Version history
Last update:
‎01-24-2020 09:52 PM
Updated by:
Labels (1)
By replying you agree to the Terms and Conditions of the AppDynamics Community.
0 Kudos