My two-way client certificates aren’t mutually authenticated
Configuring synthetics with client certificates can be challenging. In some cases, the synthetics agent runs as the user who installed it, while the web driver runs under the created user user_agent. When this happens, changes don’t have any impact on the browser.
To achieve mutual authentication with AppDynamics’ private synthetics agent, use the following two PowerShell scripts called from the actual Python code.
NOTE: This process has been tested with Chrome Browser.
- Create a directory under the agent_user's directory, for example: C:\Users\agent_user\appd\)
- Create a script that will switch to the agent_user and execute the certificate import script.
$user = "agent_user"
$password = "xxxxxxx"
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
Start-Process powershell.exe -Credential $mycreds -NoNewWindow -ArgumentList "-noexit -command C:\Users\agent_user\appd\certificate.ps1"
- Create the script that will actually configure the certificate.
In this example, the certificate has been added under currentUser and into the user’s personal store. Other options include localMachine and AuthStore.
param([String]$certRootStore = "CurrentUser",[String]$certStore = "My",$pfxPass = "XXXXXXX")
Get-Process | Out-File -FilePath .\test.txt
$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
- Make sure that agent_user is listed as an administrator, so they have the permissions to import the certificate
- Finally, run PowerShell from the Python script
driver = webdriver.Chrome()
p = subprocess.Popen(["powershell.exe"," C:\\Users\\agent_user\\appd\\certificate.ps1"],stdout=sys.stdout)