When you install a Web Agent on a server for the first time, you are prompted to register that server as a trusted host. After the trusted host is registered, you do not have to re-register with subsequent Agent installations. There are some situations where you may need to re-register a trusted host independently of installing an Agent, such as the following:
The registration tool, smreghost, re-registers a trusted host. This tool is installed in the web_agent_home\bin directory when you install a Web Agent.
web_agent_home
Indicates the directory where the Web Agent is installed.
Default (Windows installations): C:\Program Files\CA\webagent
Default (UNIX installations): /opt/ca/webagent
To re-register a trusted host using the registration tool
smreghost -i policy_server_IP_address:[port] -u administrator_username -p Administrator_password -hn hostname_for_registration -hc host_configuration_object
Note: Separate each command argument from its value with a space. Surround any values that contain spaces with double quotes ("). See the following example:
smreghost -i 123.123.1.1 -u SiteMinder -p mypw -hn "host computer A" -hc DefaultHostSettings
The following example contains the -o argument:
smreghost -i 123.123.1.1 -u SiteMinder -p mypw -hn "host computer A" -hc DefaultHostSettings -o
The following arguments are used with the smreghost command:
-i policy_server_IP_address:[port]
Indicates the IP address of the Policy Server where you are registering this host. Specify the port of the authentication server only if you are not using the default port.
If you specify a port number, which can be a non-default port, that port is used for all three Policy Server servers (authentication, authorization, accounting); however, the unified server responds to any Agent request on any port. For example, if you specify port 55555, the policy server entry in the SmHost.conf file will show the following:
"policy_server_ip_address,5555,5555,5555"
Example: (IPv4) 127.0.0.1,44442
Example: (IPv6) [2001:DB8::/32][:44442]
-u administrator_username
Indicates the name of the SiteMinder administrator with the rights to register a trusted host.
-p Administrator_password
Indicates the password of the Administrator who is allowed to register a trusted host.
-hn hostname_for_registration
Indicates the name of the host to be registered. This can be any name that identifies the host, but it must be unique. After registration, this name is placed in the Trusted Host list in the Administrative UI.
-hc host_configuration_object
Indicates the name of the Host Configuration Object configured at the Policy Server. This object must exist on the Policy Server before you can register a trusted host.
Specifies the shared secret for the Web Agent, which is stored in the SmHost.conf file on the local web server. This argument changes the shared secret only on the local web server. The Policy Server is not contacted.
Specifies whether the shared secret will be updated (rolled over) automatically by the Policy Server. Including this argument instructs the Policy Server to update the shared secret.
(Optional) Indicates the full path to the file that contains the registration data. The default file is SmHost.conf. If you do not specify a path, the file is installed in the location where you are running the smreghost tool.
If you use the same name as an existing host configuration file, the tool backs up the original and adds a .bk extension to the backup file name.
Specifies one of the following FIPS modes:
Important! A SiteMinder r12.0 SP2 installation that is running in Full FIPS mode cannot interoperate with, or be backward compatible to, earlier versions of SiteMinder, including all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. You must re-link all such software with the r12.0 SP2 versions of the respective SDKs to achieve the required support for Full FIPS mode.
If this switch is not used, or you use the switch without specifying a mode, the default setting is used.
Default: COMPAT
Note: For more information about the FIPS Certified Module and the algorithms being used, the data that is being protected, and the SiteMinder Cryptographic Boundary, see the Policy Server Administration Guide.
(Optional) Indicates the name of the cryptographic provider you are using for encryption. If you do not specify a value, the default is assumed.
Default: ETPKI
(Required for PKCS11 encryption) Indicates the full path to the PKCS11 DLL or configuration file.
(Optional for PKCS11 encryption) Indicates the token label for the hardware token. Only use this argument if there is a token label.
-o
Overwrites an existing trusted host. If you do not use this argument, you must delete the existing trusted host with the Administrative UI before using the smreghost command. We recommend using the smreghost command with this argument.
The trusted host is re-registered.
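The following is an added example, not part of the CA documentation: a POSIX shell wrapper around the flags documented above that prompts for the administrator password instead of storing it in a script, and confirms that the resulting SmHost.conf, which holds the shared secret, is not readable by group or other. It assumes smreghost is on PATH and that -f is not used; the function and variable names are this example's own.

```sh
#!/bin/sh
# Added example (not CA's code). Assumptions: smreghost is on PATH and -f is
# not used, so SmHost.conf is written to the current directory. Function and
# variable names are this example's own.

# True when FILE has no group/other permission bits set.
# SmHost.conf stores the shared secret, so only its owner should read it.
conf_is_private() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# require NAME VALUE: reject empty values before contacting the Policy Server.
require() {
  [ -n "$2" ] || { echo "missing value: $1" >&2; return 1; }
}

# reregister POLICY_SERVER ADMIN HOSTNAME HOST_CONFIG_OBJECT
reregister() {
  { require policy_server "$1" && require administrator "$2" &&
    require hostname "$3" && require host_configuration_object "$4"; } || return 2

  # Prompt for the password so it is not saved in a script or shell history.
  printf 'Password for %s: ' "$2" >&2
  stty -echo; IFS= read -r pw; stty echo; echo >&2

  # -p still puts the password on smreghost's argument list, where local
  # process listings can show it while the tool runs.
  # Quoting keeps a value such as "host computer A" as one argument.
  ( umask 077   # a newly created SmHost.conf is owner-only
    smreghost -i "$1" -u "$2" -p "$pw" -hn "$3" -hc "$4" -o )
  rc=$?
  unset pw
  [ "$rc" -eq 0 ] || return 1

  if ! conf_is_private ./SmHost.conf; then
    echo "tightening permissions on SmHost.conf" >&2
    chmod 600 ./SmHost.conf
  fi
}

# Runs only when arguments are given, for example:
#   sh reregister.sh 123.123.1.1 SiteMinder "host computer A" DefaultHostSettings
[ "$#" -eq 0 ] || reregister "$@"
```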
Copyright © 2006 CA. All rights reserved.