Use > Server Automation > Manage the Server Agent > Install the SA Agent in third-party mode using ADT > Install SA Agent with SA bootstrap certificate and update to third party mode after installation

Install SA Agent with Agent bootstrap certificate and update to third-party mode after installation using ADT

Phase 1: Install the SA Agent with the SA Agent Bootstrap certificate

  1. Launch the SA Client and connect to an SA Core installed in third-party certificate mode.
  2. Go to Administration > System Configuration > Configuration Parameters > Data Access Engine (spin) and make sure the spin.agent.bootstrap_enabled parameter is set to 1. For more information on this parameter, see The spin.agent.bootstrap_enabled parameter.
  3. Click the Save button and restart the SA Spin component if you have any pending changes.
  4. Go to Devices > Servers > SA Agent installation and scan for unmanaged servers using the IP or the hostname of the server. Select the unmanaged servers on which you want to install the SA Agent.
    The server icon indicates agentless servers. If the servers are not powered on, the Install SA Agent option is disabled. See Server status icons.

  5. Specify your login and installation options to control the way the Agent is installed on the server. See Install the SA Agent using ADT for information on these options.

  6. In the Options section, enable the Verify prerequisites, copy installer, and install agent option. This downloads the Agent binary and the bootstrap certificate (agent.srv) file to your server, and runs the Agent install command.
  7. Make sure that cert_gen_enabled parameter is not specified in the Advanced > Extra installer options field.
  8. Click Start Job. When the Agent installation completes, the SA Client displays the results and updates the status icons for the servers.

Phase 2: Update your SA Agent certificate to use third-party certificate mode

After installing the SA Agent with the SA self-signed bootstrap certificate, generate a CSR for your CA, and import the third-party certificate using SA Agent scripts. This enables you to switch from SA Agent bootstrap certification to third-party certificate mode.
Alternatively, you can use the Recertify Agent Program Extension to automate some of the steps below. For more information, see the Agent recertification topic.

  1. Log into the managed server using a remote shell. On UNIX, log in as root. On Windows, log in as administrator.
  2. Remove any existing *.csr or .*crt files from your temporary PKI directory:
    • Linux: /var/tmp/pki
    • Windows: C:\Windows\Temp\PKI

  3. Launch the following script to generate the Agent's CSR (agent.csr file) and the certificate's private key (agent.key file):

    • Linux script: /opt/opsware/agent/pylibs/cog/generate_csr
    • Windows script: C:\Program Files\Opsware\agent\pylibs\cog\generate_csr.bat
    Optionally, you can add the --crypto_dir <your crypto folder> parameter to generate the CSR  in a custom crypto folder. Otherwise, the script creates the CSR in the temporary PKI folder.
  4. Collect the CSR file from your custom crypto folder created in step 3 or from the default PKI folder:
  5. Submit the CSR to your CA and import the resulting third-party certificate using the following script:/opt/opsware/agent/pylibs/cog/import_cert.
    This generates a .pkcs12 password-protected file under:
    • Linux: /var/opt/opsware/crypto/agent/agent.p12
    • Windows: C:\Program Files\Common Files\Opsware\crypto\agent\agent.p12
  6. Restart the SA Agent to finalize updating the SA Agent certificate to third-party certificate mode.

Send Help Center feedback