It was asked if a single certificate needs to be used across Real-Time Consoles, Monitors, and ControlUp Agents, with the Consoles and Monitors holding the private key while the public key is deployed to the Agents. Remediation can be automated for the agents with a GPO, and for the Console/Monitors with a supported PowerShell script provided by ControlUp. More information on agent certificate communication can be found at https://support.controlup.com/v1/docs/certificate-based-agent-authentication.
Read the entire ‘Automating Certificate Remediation with ControlUp Agents’ thread below:
Can anyone verify that I correctly understand the way that agent certificate communication works? https://support.controlup.com/v1/docs/certificate-based-agent-authentication
It looks like a single certificate needs to be used on Real-Time Consoles, Monitors and ControlUp Agents. With the Consoles and Monitors holding the private key and the public key being deployed to the Agents.
If I was enabling this in an Enterprise I would first expect to use ADCS or similar issued certificates that are auto-renewed. And then just tell ControlUp to trust certificates issued by that CA. This allows auto-renewing and reduces the remediation effort if a single private key is compromised.
That is not possible in ControlUp though, am I right?
You got this right @member. Not sure about ADCS, but in regards to automation, you can achieve it via the following method:
- for the agents, you can use a GPO (or any other method) to make sure the agents always have the latest public key certificate deployed and relevant registry keys configured
- for the Console / Monitors, it’s again just making sure that the relevant cert with the private key and the registry keys are up to date. We have a supported PowerShell script that automates this task, so you can use the PowerShell automation method each time you need to update the cert / key

but indeed, this is a single private key across the enterprise

Thanks Yoni!