AppDynamics Knowledge Base
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

How do I configure Synthetics for 2-way client certificates?

How do I configure Synthetics for 2-way client certificates?

My two-way client certificates aren’t mutually authenticated

Problem

Configuring synthetics with client certificates can be challenging. In some cases, the synthetics agent runs as the user who installed it, while the web driver runs under the created user user_agent. When this happens, changes don’t have any impact on the browser.

Solution

To achieve mutual authentication with AppDynamics’ private synthetics agent, use the following two PowerShell scripts called from the actual Python code. 

NOTE: This process has been tested with Chrome Browser.

  1. Create a directory under the agent_user's directory, for example: C:\Users\agent_user\appd\)
  2. Create a script that will switch to the agent_user and execute the certificate import script.

$user = "agent_user"

$password = "xxxxxxx"

$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force

$mycreds = New-Object System.Management.Automation.PSCredential ($user, $secpasswd)

Start-Process powershell.exe -Credential $mycreds -NoNewWindow -ArgumentList "-noexit -command C:\Users\agent_user\appd\certificate.ps1" 

  1. Create the script that will actually configure the certificate.

    In this example, the certificate has been added under currentUser and into the user’s personal store. Other options include localMachine and AuthStore.

param([String]$certRootStore = "CurrentUser",[String]$certStore = "My",$pfxPass = "XXXXXXX")

Set-ExecutionPolicy RemoteSigned

Get-Process | Out-File -FilePath .\test.txt

$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2

$pfx.import("C:\Users\agent_user\appd\certificate.p12",$pfxPass,"PersistKeySet")

$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)

$store.open("MaxAllowed")

$store.add($pfx)

$store.close()

  1. Make sure that agent_user is listed as an administrator, so they have the permissions to import the certificate

  2. Finally, run PowerShell from the Python script

driver = webdriver.Chrome()

p = subprocess.Popen(["powershell.exe"," C:\\Users\\agent_user\\appd\\certificate.ps1"],stdout=sys.stdout)

p.communicate()

driver.get("https://domain.com")

Labels (1)
0 Karma
Version history
Last update:
‎01-24-2020 09:37 PM
Updated by: