Previous Topic: Register the Claims Search Service Endpoint on all WFE ServersNext Topic: Change the Value of the EnableWebAgent Parameter

Agent for SharePoint GuideAdvanced OptionsHow to Enable SSL for the Agent for SharePointCreate a Trusted Store for the Root Certificate Authority Certificate

Create a Trusted Store for the Root Certificate Authority Certificate

The server on which your Agent for SharePoint runs also requires a separate trusted store for the root certificate authority certificates. If you use certificates signed by a third-party certificate authority, import the certificate authority certificate signed by the third party into this trusted store. If you are using a self-signed certificate import either the self-signed certificate or the associated public key into this trusted store.

Important! Do not use self-signed certificates in production environments. We recommend using self-signed certificates in test environments only.

Follow these steps:

Note: This procedure provides one possible example of how to configure this feature using third-party tools. CA Technologies did not develop nor provide these tools. These tools are subject to change at any time by the third party without notice. Use this procedure as a guide for configuring this feature in your specific environment. The actual steps that are required in your situation could be different from the steps that are shown here.

  1. Copy your certificate to the server on which your Agent for SharePoint runs.
  2. Open a Command Prompt window.
  3. Create a trusted store with the following command: 
    Keytool -importcert -alias alias_name -file path_to_root_certificate -trustcacerts -keystore relative_path_to_trusted_store -storepass trusted_store_password -storetype JCEKS

    Note: We recommend using a relative location under the Agent-for-SharePoint_home\SSL\keys directory

Update the SSLConfig.properties File

The next step of the process of creating a mutual trust relationship is updating the SSLConfig.properties file.

The server that runs your Agent for SharePoint requires a password-protected location (trust store) for the client authentication certificate. Specify a password for the trust store when creating it.

Follow these steps:

  1. Run the following command on the server that runs your Agent for SharePoint: 
    GenerateSSLConfig -keystorepass keystore_password -truststore TrustStore.jceks -truststorepass truststore_password

    A confirmation prompt for your trust store password appears.

  2. Re—enter your trust store password.

    A confirmation prompt for client authentication appears.

  3. Enter yes.

    The SSLConfig.properties file is updated. Continue with the next step of restarting your Agent for SharePoint.

Restart the Agent for SharePoint

Starting or stopping the Agent for SharePoint involves the following separate procedures:

  1. Changing the value of EnableWebAgent in the WebAgent.conf file.
  2. Changing the state of the related services on the computer running the Agent for SharePoint.