You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2023-02-13 19:11:42

htschannerl
Member
Registered: 2023-02-13
Posts: 1

Configure glpi-agent to authenticate by certificate mutual TLS

I need to ensure that only my computers can communicate with the server.

The best way I found was by using mutual TLS because I have an internal CA and want to use it.

So, I want to know if I can configure the glpi-agent to connect to a server informing one certificate to do the mutual TLS.

My infra is with a glpi server beyond one traefik proxy where I configured the authentication by certificate.

Please help me.

Offline

#2 2023-02-14 11:30:47

gbougard
Moderator
From: Montpellier, France
Registered: 2021-07-21
Posts: 537
Website

Re: Configure glpi-agent to authenticate by certificate mutual TLS

Hi htschannerl

you can try to create a client certificate for agents, install it with agentq in a PEM format file and set its path in the agent configuration with the "ssl-cert-file" parameters. This is not well tested so your feedback will be appreciated.


GLPI-Agent developer from Teclib' and GLPI-Network team
Previously FusionInventory-Agent maintainer

Offline

#3 2023-03-08 19:46:43

liberty
Member
Registered: 2013-09-29
Posts: 12

Re: Configure glpi-agent to authenticate by certificate mutual TLS

my case self-signed certificate for apache with a forced redirection.

- try in /etc/fusioninventory/agent.cfg fill it like this ca-cert-dir = /etc/ssl/certs/
- systemctl restart fusioninventory-agent
- fusioninventory-agent
you'll have no error
therefore you'll access agent in web browser in http "http://localhost:62354/".
IT WORKED FOR ME.

look:

info] target local0: local /tmp
[info] running task Inventory
[info] New inventory from glpi-2023-03-07-20-22-19 for local0
[info] Inventory saved in /tmp/glpi-2023-03-07-20-22-19.ocs
[info] running task Inventory
[info] New inventory from glpi-2023-03-07-20-22-19 for local0
[info] Inventory saved in /tmp/glpi-2023-03-07-20-22-19.ocs
[info] target server0: server https://localhost/glpi/marketplace/fusioninventory/
[info] sending prolog request to server0
[info] running task Inventory
[info] New inventory from glpi-2023-03-07-20-22-19 for server0
[info] running task Inventory
[info] New inventory from glpi-2023-03-07-20-22-19 for server0

Offline

Board footer

Powered by FluxBB