Configuring a Windows Agent to be a Remote Job Adapter Proxy

Designating the Port for HTTPS

To designate the HTTPS port:

  1. Click All Programs > Tidal Automation > Instance Manager on the Windows Start menu to display the Instance Manager.

  2. Click Edit to display the Agent Instance dialog.

  3. Enter the port number in the Remote Job Port(s) (RJAPORT) field on the Configuration tab.

  4. Click OK.

  5. Click Start.

    Note: If the RJAPort is not specified in the Agent Instance Manager, proxy support is not available in this agent. Until the RJAPort parameter is specified, the Adapter cannot use the agent.

    After you add the RJAPort parameter, add another dependency to the agent service definition called HTTP SSL:

    • Click Edit for the specific agent in the Instance Manager.

    • Choose the Dependencies tab and choose HTTP SSL as a new dependency.

    Note: You must add this dependency for the Agent to initiate automatically at system startup.

Assigning a Certificate to the Port for HTTPS

If your machine already has a valid server certificate, perform only Steps 4 and 5 below.

To create a self-signed host certificate and configure it to a port:

  1. Open a DOS prompt (Command Shell).

    1. Click Run on the Windows Start menu.

    2. Enter cmd in the Run dialog.

    3. Click OK.

  2. Enter this to create and install a self-signed certificate in the certificate store:

    makecert -r -pe -n "CN=localhost" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange

    Note: The makecert command is available in the SDK if you have Visual Studio 2005 installed (Microsoft Visual Studio 8\SDK\v2.0\Bin). Search the internet to determine other available options for obtaining a certificate.

  3. Start Microsoft Management Console (mmc) and copy the certificate "local" located in Personal > Certificates into Trusted Root Certification Authorities > Certificates.

  4. Run either the httpcfg.exe (pre-2008 systems) or netsh (post-2008 systems) command at the DOS prompt (Command shell).

    Note: The port used to connect from the Master to the proxy agent via HTTPS (the RJAPORT) must be configured to use SSL.

    For pre-2008 systems:

    httpcfg.exe set ssl -i 0.0.0.0:PPPPP -c "Root" -h XXXXX

    where 0.0.0.0:PPPPP is the IP and port, as in https://localhost:PPPPP, and XXXXX is the thumbprint value of the local certificate.

    To obtain the thumbprint of a certificate, open the certificate and click the Details tab. Copy the thumbprint and delete all blanks (spaces) between numbers in the thumbprint.

    Note: The name after the -c option in the httpcfg set command must match the certificate store. Tidal recommends using Root (see below).

    Store Names:

    • AddressBook: The X.509 certificate store for other users.

    • AuthRoot: The X.509 certificate store for third-party certificate authorities (CAs).

    • CertificateAuthority: The X.509 certificate store for intermediate certificate authorities (CAs).

    • Disallowed: The X.509 certificate store for revoked certificates.

    • My: The X.509 certificate store for personal certificates.

    • Root: The X.509 certificate store for trusted root certificate authorities (CAs).

    • TrustedPeople: The X.509 certificate store for directly trusted people and resources.

    • TrustedPublisher: The X.509 certificate store for directly trusted publishers.

    For post-2008 systems:

    netsh http add sslcert ipport=0.0.0.0:PPPPP certhash=XXXX appid={YYYYYY}

    where

    • ipport=0.0.0.0:PPPPP (example: 0.0.0.0:50001) is the IP and port used for the URL, as in https://localhost:PPPPP.

    • certhash=XXXX is the thumbprint value of the local certificate. To obtain the thumbprint of a certificate, open the certificate and click the Details tab. Copy the thumbprint and delete all blanks (spaces) between numbers.

    • appid={YYYYYY} is a GUID identifying the owning application.

  5. Click OK.
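
The following PowerShell script is an added example, not part of the Tidal documentation. For post-2008 systems it cleans a thumbprint copied from the Details tab, confirms the certificate is usable, runs the netsh binding from Step 4, and displays the result. The parameter names, the function name ConvertTo-CertHash, and the assumption that the certificate is in the LocalMachine\My store (where the makecert command above installs it) are choices made for this example.

```powershell
# Added example; run from an elevated PowerShell prompt.
param(
    [Parameter(Mandatory = $true)][string]$RawThumbprint,  # text copied from the Details tab
    [Parameter(Mandatory = $true)][int]$Port,              # the RJAPORT value, e.g. 50001
    [Parameter(Mandatory = $true)][string]$AppId           # GUID with braces, e.g. '{YYYYYY}'
)

function ConvertTo-CertHash {
    param([string]$Text)
    # Keep hex digits only. This drops the blanks and any invisible
    # formatting characters picked up when copying from the dialog.
    $hash = ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hash.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($hash.Length)."
    }
    return $hash
}

$hash = ConvertTo-CertHash $RawThumbprint

# Assumption: the certificate is in LocalMachine\My, the store netsh uses by default.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert)               { throw "No certificate $hash in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate $hash has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Arguments are quoted so PowerShell does not parse the braces in appid as a script block.
$ipport = "0.0.0.0:$Port"
netsh http add sslcert "ipport=$ipport" "certhash=$hash" "appid=$AppId"
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed ($LASTEXITCODE)." }

# Show the binding so the hash and application ID can be compared with what was entered.
netsh http show sslcert "ipport=$ipport"
```

The script stops before changing the binding if the thumbprint does not match an unexpired certificate with a private key, which is the usual reason an HTTPS listener on the RJAPORT fails to start.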