Knowledge Base

cancel
Showing results for 
Search instead for 
Did you mean: 

How do I configure Synthetics for 2-way client certificates?

My two-way client certificates aren’t mutually authenticated

 

Problem

Configuring synthetics with client certificates can be challenging. In some cases, the synthetics agent runs as the user who installed it, while the web driver runs under the created user user_agent. When this happens, changes don’t have any impact on the browser.

 

Solution

To achieve mutual authentication with AppDynamics’ private synthetics agent, use the following two PowerShell scripts called from the actual Python code. 

NOTE: This process has been tested with Chrome Browser.

 

  1. Create a directory under the agent_user's directory, for example: C:\Users\agent_user\appd\)
  2. Create a script that will switch to the agent_user and execute the certificate import script.

$user = "agent_user"

$password = "xxxxxxx"

$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force

$mycreds = New-Object System.Management.Automation.PSCredential ($user, $secpasswd)

Start-Process powershell.exe -Credential $mycreds -NoNewWindow -ArgumentList "-noexit -command C:\Users\agent_user\appd\certificate.ps1" 

 

  1. Create the script that will actually configure the certificate.

    In this example, the certificate has been added under currentUser and into the user’s personal store. Other options include localMachine and AuthStore.

param([String]$certRootStore = "CurrentUser",[String]$certStore = "My",$pfxPass = "XXXXXXX")

Set-ExecutionPolicy RemoteSigned

Get-Process | Out-File -FilePath .\test.txt

$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2

$pfx.import("C:\Users\agent_user\appd\certificate.p12",$pfxPass,"PersistKeySet")

$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)

$store.open("MaxAllowed")

$store.add($pfx)

$store.close()

 

  1. Make sure that agent_user is listed as an administrator, so they have the permissions to import the certificate

  2. Finally, run PowerShell from the Python script

driver = webdriver.Chrome()

p = subprocess.Popen(["powershell.exe"," C:\\Users\\agent_user\\appd\\certificate.ps1"],stdout=sys.stdout)

p.communicate()

driver.get("https://domain.com")

Version history
Revision #:
3 of 3
Last update:
‎01-24-2020 09:52 PM
Updated by:
 
Labels (1)


Found this article helpful? Click the Thumbs Up button.
Have an additional comment? Post it below.
0 Kudos