
Arellia Agent Installation WILL FAIL if you have not installed all of the prerequisites! See /wiki/spaces/AMS/pages/1153427 before continuing!

During installation of the Arellia Agent the following changes will be made to the target client machine:

  1. Agent binary files will be installed to multiple directories under the default location of C:\Program Files\Arellia
  2. Agent configuration files will be installed to multiple directories under C:\ProgramData\Arellia
  3. A firewall rule will be added that allows inbound traffic to the Arellia Agent on TCP port 5593
  4. A digital certificate will be selected for use in encrypting client/server communications.

    Pre-existing certificates will be inspected and if one matches the following criteria it will be used:
  • Certificate must belong in the Local Machine store and be issued to the hostname or FQDN of the client machine
  • If there are certificates that specify a Subject Alternative Name whose DNS Name matches the machine FQDN they will also be considered
  • Certificate intended purpose must be for All Purposes or Client Authentication
  • Certificate chain must only contain trusted Certification Authorities
  • Certificate must have a private key that LocalSystem and the Administrators group can read
  • In the case of multiple certificates meeting the above criteria the following selection priority will be used:

    Priority 1: Certificates issued by a trusted Certification Authority to FQDN of client machine
    Priority 2: Certificates issued by a trusted Certification Authority to hostname (or FQDN using Subject Alternative Name) of client machine
    Priority 3: Self-signed certificates issued to FQDN of client machine
    Priority 4: Self-signed certificates issued to hostname (or FQDN using Subject Alternative Name) of client machine

If multiple certificates match the same priority level, the certificate with the longest validity from the current date will be selected.

If after evaluating all of these criteria no certificate is identified as a candidate the Arellia Agent installation will generate its own trusted self-signed certificate. This certificate will be valid for a period of 5 years.
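
To see in advance which certificate these rules favor on a given client, the following read-only PowerShell check applies the criteria and priority order described above. It is an added example, not Arellia's code. It assumes that "Local Machine store" means Cert:\LocalMachine\My, that a certificate without an EKU extension counts as "All Purposes", and that revocation is not checked; it does not inspect private-key ACLs for LocalSystem and Administrators.

```powershell
# Added example (not vendor code). Read-only: lists certificates that meet the documented
# criteria, ordered the way the documented priority rules would order them.
# Assumptions: store is Cert:\LocalMachine\My; no EKU extension = "All Purposes";
# revocation is not checked; private-key ACLs are NOT inspected here.
$hostName      = $env:COMPUTERNAME
$fqdn          = [System.Net.Dns]::GetHostEntry($hostName).HostName
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication
$ekuOid        = '2.5.29.37'           # Enhanced Key Usage extension

$candidates = foreach ($c in Get-ChildItem Cert:\LocalMachine\My) {
    # Subject CN, plus every DNS name on the certificate (CN and SAN entries)
    $cn    = $c.GetNameInfo('SimpleName', $false)
    $names = @($c.DnsNameList | ForEach-Object { $_.Unicode })

    $cnIsFqdn   = $cn -eq $fqdn
    $otherMatch = ($cn -eq $hostName) -or ($names -contains $fqdn)
    if (-not ($cnIsFqdn -or $otherMatch)) { continue }

    # Intended purpose: All Purposes (no EKU) or Client Authentication
    $eku   = $c.Extensions | Where-Object { $_.Oid.Value -eq $ekuOid }
    $ekuOk = (-not $eku) -or
             (($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $clientAuthOid)

    # Chain must build to trusted Certification Authorities
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($c)

    if (-not ($ekuOk -and $trusted -and $c.HasPrivateKey)) { continue }

    # Priority 1/2: CA-issued (FQDN, then hostname/SAN); 3/4: self-signed (same order)
    $selfSigned = $c.Subject -eq $c.Issuer
    $priority = if ($selfSigned) { if ($cnIsFqdn) { 3 } else { 4 } }
                else             { if ($cnIsFqdn) { 1 } else { 2 } }

    [pscustomobject]@{
        Priority   = $priority
        NotAfter   = $c.NotAfter
        Thumbprint = $c.Thumbprint
        Subject    = $c.Subject
    }
}

if ($candidates) {
    # Lowest priority number first; ties broken by longest remaining validity
    $candidates |
        Sort-Object @{Expression = 'Priority'}, @{Expression = 'NotAfter'; Descending = $true} |
        Format-Table -AutoSize
} else {
    'No candidate found: per the documentation, the installer will generate its own self-signed certificate.'
}
```

The first row of the output is the expected selection. An unexpected Priority 3 or 4 result on a domain-joined machine usually means the CA-issued certificate failed one of the criteria (purpose, chain trust, or private key).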

 

 
