How to Configure TLS Between Zena Components

To enable TLS between Scheduler and Client Manager:

  1. Add the following configuration parameters to the config file of the Client Manager plugins (servers.xml) in the Client Manager’s config directory, and also to the config file of the Scheduler (server_1.xml) for which TLS is being enabled:

    TLS_SUPPORTED="YES"

    TLS_KEYSTORE_PATH="<Your Certificate as a Java Keystore File>"

    TLS_KEYSTORE_PASSWD="<Your Java Keystore’s Password>"

    TLS_TRUSTSTORE_PATH="<Truststore with all the public key certificates of other components that will make TLS connection to this component>"

    TLS_TRUSTSTORE_PASSWD="<Truststore password>"

  2. Make sure that the public key certificates of the Client Manager and Scheduler are present in each other’s Truststores.
  3. Save the config file and recycle the Client Manager/Scheduler using the ZenaStat command line utility.

To enable TLS between an Agent and a Scheduler/ClientManager:

  1. Add the same configuration parameters listed above in the config files of both the Scheduler and the Agent between which TLS communication needs to be enabled.
  2. Make sure that the public key certificates of the Agent and Scheduler/ClientManager are added in each other’s Truststore.
  3. In the Agent Record in Webclient go to Properties → Encryption and enable the “TLS_SUPPORTED” field and save the Agent Record.
  4. Recycle the ClientManager, Scheduler and Agent using the ZenaStat command line utility.

TLS needs to be enabled together in both the Scheduler and Client Manager, but it can be enabled selectively for the Agents.

The files named by TLS_KEYSTORE_PATH and TLS_TRUSTSTORE_PATH are both expected in Java Keystore (JKS) format. Follow the Java vendor's documentation on creating a Java Keystore and on exporting and adding public key certificates to a truststore using Java's "keytool" utility.
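
One way to prepare the keystore and truststore files with keytool, so that each component's truststore holds the public certificates of the others (an added example, not part of the vendor's procedure). The component aliases, file names, the example.internal host names, the self-signed certificates and the single shared demo password are all assumptions made for illustration; use separate keystore and truststore passwords if your policy requires them.

```sh
#!/bin/sh
# Added example (not vendor code): per-component JKS keystores plus truststores
# that hold every peer's public certificate. All names below are constructed.
set -eu

COMPONENTS="scheduler clientmanager agent"
# Read by keytool via -storepass:env so the password stays off the command line.
export STOREPASS="${STOREPASS:-changeit-demo}"   # constructed demo value

# peers_of <owner>: every component except <owner>.
peers_of() {
    for p in $COMPONENTS; do
        [ "$p" = "$1" ] || printf '%s ' "$p"
    done
}

# make_keystore <name> <dir>: self-signed key pair in <name>-keystore.jks,
# public certificate exported to <name>.cer.
make_keystore() {
    keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$1.example.internal" -storetype JKS \
        -keystore "$2/$1-keystore.jks" \
        -storepass:env STOREPASS -keypass:env STOREPASS
    keytool -exportcert -alias "$1" -rfc -file "$2/$1.cer" \
        -keystore "$2/$1-keystore.jks" -storepass:env STOREPASS
}

# trust_peer <owner> <peer> <dir>: import only the peer's public certificate.
trust_peer() {
    keytool -importcert -noprompt -alias "$2" -file "$3/$2.cer" -storetype JKS \
        -keystore "$3/$1-truststore.jks" -storepass:env STOREPASS
}

# trusts <owner> <peer> <dir>: succeeds only if <peer> is in <owner>'s truststore.
trusts() {
    keytool -list -alias "$2" -keystore "$3/$1-truststore.jks" \
        -storepass:env STOREPASS >/dev/null 2>&1
}

# build_all <dir>: create every keystore, then fill each truststore with its peers.
build_all() {
    for c in $COMPONENTS; do make_keystore "$c" "$1"; done
    for c in $COMPONENTS; do
        for p in $(peers_of "$c"); do trust_peer "$c" "$p" "$1"; done
    done
}

# Run as: sh tls-stores.sh --run /path/to/output-dir
if [ "${1:-}" = "--run" ]; then build_all "${2:-.}"; fi
```

The resulting <name>-keystore.jks and <name>-truststore.jks paths are the values for TLS_KEYSTORE_PATH and TLS_TRUSTSTORE_PATH; the private key never leaves its own keystore, since only the exported .cer files are imported elsewhere.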