Configure Automation Agent for SSL
Ops Manager supports SSL for encrypting the following connections made by Automation Agents:
- Connections between the Automation Agents and MongoDB instances.
- Connections between the Automation Agents and Ops Manager.
Prerequisite
To configure the agent to use SSL, you must have a trusted CA certificate that signed the MongoDB instance’s certificate.
Procedures
Connections between Agent and MongoDB Instances
To use SSL for the Automation Agent’s connection to a MongoDB host, specify the host’s SSL settings when adding the host or by editing the host’s settings.
Note
Ops Manager can manage TLS/SSL for you if you are using Automation for the deployment. With Automation, Ops Manager prompts you for the certificates to use to connect to the deployment when you enable TLS/SSL and then configures the agents appropriately. To learn how to configure TLS/SSL, see Enable SSL for a Deployment.
Specify path to trusted CA certificate.
If your Ops Manager deployment uses TLS/SSL, then you must configure the Automation Agent to use TLS/SSL. To configure the agent to use TLS/SSL, you must have a trusted Certificate Authority certificate that signed the MongoDB instance’s certificate.
In the agent’s install directory, edit the configuration file to set the sslTrustedMMSServerCertificate field to the path of a file containing one or more certificates in PEM format.
Platform | Installation Method | Default Config File Path |
---|---|---|
RHEL, CentOS, Amazon Linux and Ubuntu | package manager | /etc/mongodb-mms/automation-agent.config |
macOS or other Linux distributions | tar | /path/to/install/local.config |
Windows | msi | C:\MMSData\Automation\automation-agent.config |
Example
If you would use the following command to connect through the mongo shell:
Then you would modify the configuration file, setting this key/value pair:
To learn more about these settings, see Ops Manager SSL Settings.
Restart the agent.
Connections between Agent and Ops Manager
To ensure that the Automation Agents use TLS/SSL when connecting to Ops Manager, configure Ops Manager to use TLS/SSL for all connections. The Configure SSL Connections to Ops Manager tutorial describes how to set up Ops Manager to run over TLS/SSL, also known as HTTPS.
By default, the Automation Agent validates the Ops Manager TLS/SSL certificate.
If you are not using a certificate signed by a trusted third party, you must configure the Automation Agent to trust Ops Manager.
To specify a self-signed certificate for Ops Manager that the Automation Agent should trust:
Copy your PEM certificate to /etc/mongodb-mms/.
Issue the following sequence of commands:
Edit the following parameter in the configuration file.
Platform | Installation Method | Default Config File Path |
---|---|---|
RHEL, CentOS, Amazon Linux and Ubuntu | package manager | /etc/mongodb-mms/automation-agent.config |
macOS or other Linux distributions | tar | /path/to/install/local.config |
Windows | msi | C:\MMSData\Automation\automation-agent.config |
Example
The following setting specifies the sslTrustedMMSServerCertificate file as /etc/mongodb-mms/mms-ssl-unified.crt.
Restart the Automation Agent for the configuration update to take effect.
Example
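A check to run on the configuration file before restarting the agent, as an added example that is not part of the Ops Manager documentation. It assumes the file uses key=value lines and that mmsBaseUrl holds the Ops Manager URL; make_sample, the ca.crt file name, the host name and the sample PEM are constructed for illustration. The certificate check is structural only (PEM framing and base64) and does not validate the chain.

```python
import base64, re, tempfile
from pathlib import Path
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)
# Constructed sample: valid PEM framing around placeholder bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed placeholder bytes").decode()
              + "\n-----END CERTIFICATE-----\n")

def read_agent_config(path):
    """Parse key=value lines, skipping blanks and # comments (assumed file format)."""
    lines = (ln.strip() for ln in Path(path).read_text().splitlines())
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_trust_settings(config_path):
    """Return a list of problems (empty = passed); mmsBaseUrl is an assumed key name."""
    cfg, problems = read_agent_config(config_path), []
    if not cfg.get("mmsBaseUrl", "").lower().startswith("https://"):
        problems.append("mmsBaseUrl is not an https:// URL")
    ca_path = cfg.get("sslTrustedMMSServerCertificate")
    if not ca_path:
        return problems + ["sslTrustedMMSServerCertificate is not set"]
    ca_file = Path(ca_path)
    if not ca_file.is_file():
        return problems + [f"{ca_path} does not exist or is not a file"]
    blocks = PEM_BLOCK.findall(ca_file.read_text(errors="replace"))
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        problems.append(f"{ca_path} contains no PEM CERTIFICATE block")
    for body in certs:
        try:  # structural check only: the block body must be well-formed base64
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{ca_path} has a CERTIFICATE block with invalid base64")
    # A trust file needs certificates only; a key here would sit on every agent host.
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append(f"{ca_path} also contains a private key")
    return problems

def make_sample(directory, pem_text, base_url="https://opsmanager.example.net:8443"):
    """Write a constructed trust file and agent config; return the config path."""
    ca, config = Path(directory, "ca.crt"), Path(directory, "automation-agent.config")
    ca.write_text(pem_text)
    config.write_text(f"mmsBaseUrl={base_url}\nsslTrustedMMSServerCertificate={ca}\n")
    return config

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(check_trust_settings(make_sample(d, SAMPLE_PEM)) or "no problems found")
```

Point check_trust_settings at the platform's default config file path from the table above to check a real installation.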