Help
Not a customer? Start a free trial

Click the Start a free trial link to start a 30-day SaaS trial of our product and join our community as a trial customer. If you are an existing customer do not start a free trial.

AppDynamics customers and established members should click the sign in button to authenticate.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How do I configure Synthetics for 2-way client certificates?

Jason.Riddell
AppDynamics Team

on ‎01-24-2020 09:37 PM - edited on ‎01-24-2020 09:52 PM by

My two-way client certificates aren’t mutually authenticated

 

Problem

Configuring synthetics with client certificates can be challenging. In some cases, the synthetics agent runs as the user who installed it, while the web driver runs under the created user user_agent. When this happens, changes don’t have any impact on the browser.

 

Solution

To achieve mutual authentication with AppDynamics’ private synthetics agent, use the following two PowerShell scripts called from the actual Python code. 

NOTE: This process has been tested with Chrome Browser.

 

  1. Create a directory under the agent_user's directory, for example: C:\Users\agent_user\appd\)
  2. Create a script that will switch to the agent_user and execute the certificate import script.

$user = "agent_user"

$password = "xxxxxxx"

$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force

$mycreds = New-Object System.Management.Automation.PSCredential ($user, $secpasswd)

Start-Process powershell.exe -Credential $mycreds -NoNewWindow -ArgumentList "-noexit -command C:\Users\agent_user\appd\certificate.ps1" 

 

  1. Create the script that will actually configure the certificate.

    In this example, the certificate has been added under currentUser and into the user’s personal store. Other options include localMachine and AuthStore.

param([String]$certRootStore = "CurrentUser",[String]$certStore = "My",$pfxPass = "XXXXXXX")

Set-ExecutionPolicy RemoteSigned

Get-Process | Out-File -FilePath .\test.txt

$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2

$pfx.import("C:\Users\agent_user\appd\certificate.p12",$pfxPass,"PersistKeySet")

$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)

$store.open("MaxAllowed")

$store.add($pfx)

$store.close()

 

  1. Make sure that agent_user is listed as an administrator, so they have the permissions to import the certificate

  2. Finally, run PowerShell from the Python script

driver = webdriver.Chrome()

p = subprocess.Popen(["powershell.exe"," C:\\Users\\agent_user\\appd\\certificate.ps1"],stdout=sys.stdout)

p.communicate()

driver.get("https://domain.com")

0 Kudos
Version history
Last update:
‎01-24-2020 09:52 PM
Updated by:

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support