Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Managing the Agent Service Certificate

The agent service certificate is used for communication between the profiler and agent.

Prerequisites

You have logged in to the Kunpeng DevKit.

Only the administrator devadmin can generate certificates, replace certificates, and change working keys. Common users can only view certificate information.

Querying Agent Service Certificate Information

  1. Click in the upper right corner of the page. Choose General Settings > Certificate Management > Agent Server Certificates.
  2. View certificate details on the Agent Server Certificates page, as shown in Figure 1. Table 1 describes the parameters.
    Figure 1 Agent service certificates
    Table 1 Parameter description

    Parameter

    Description

    Node IP address

    IP address of the node.

    Node Name

    Node name.

    Certificate Name

    Name of the certificate.

    Certificate Expiration Time

    Time when the certificate expires.

    Status

    Certificate status. The values are as follows:

    • Valid: The certificate is valid.
    • About to expire: The remaining validity period is less than or equal to the certificate expiration alarm threshold.
    • Expired: The certificate has expired.
    NOTE:
    • The tool automatically checks and updates the certificate status at 02:00 every day.
    • The default alarm threshold of the agent service certificate is 90 days. The administrator can click on the home page of the System Profiler and choose System Settings to change the value of Agent Certificate Expiration Alarm Threshold (days). The value ranges from 7 to 180 days.

Creating and Replacing a Certificate

The SSL certificate sets up an SSL security channel between the Kunpeng DevKit server and an agent to transmit encrypted data between them and prevent data disclosure. For security purposes, you are advised to update the certificates periodically.

  • It is not advised to replace the certificate when executing an analysis task.
  • Replace the certificate on the day when the certificate is generated.
  • The dialog box for replacing a certificate is displayed only when you replace a certificate on an Agent node.
  1. Click Replace Certificate in the upper left corner on the Agent Service Certificates page. The Replace Certificate dialog box is displayed, as shown in Figure 2. The node installed by the root user is used as an example.
    Figure 2 Replacing a certificate
  2. Click OK.

Updating the Working Key

The working key is used to encrypt the private key files of the server and agent. For security purposes, you are advised to update the working key periodically.

It is not advised to update the working key when executing an analysis task.

  1. Click in the upper right corner of the page. Choose General Settings > Certificate Management > Agent Server Certificates.
  2. Click Update Working Key in the Operation column of a node.

    The Update Working Key dialog box is displayed, as shown in Figure 3.

    Figure 3 Updating a working key
  3. Click OK.
Parent topic: Certificate Management