This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Using uberAgent With Self-Signed Certificates
uberAgent natively supports secure data transport for multiple backends, like Splunk, Elasticsearch, or Apache Kafka (via Confluent REST Proxy). For such communication via HTTPS uberAgent uses libcurl (a variant of curl), which is probably the highest-quality networking library available today.
Why Using Self-Signed Certificates
One might come to a point, during a PoC or evaluation phase, when using a certificate issued by an external or internal CA is not possible or a very complex process. Backends like Splunk or Elasticsearch offer the creation of self-signed certificates, which, by default, are not trusted by libcurl when presented to the client during the communication process. Therefore communication between uberAgent and the desired backend will fail. However, there are ways to change the configuration to make such a test scenario work.
Working With Self-Signed Certificates on macOS
uberAgent on macOS uses the operating systems implementation of libcurl. And libcurl itself utilizes LibreSSL as its library.
This can be easily verified by typing curl --version in the Terminal. The following output is an excerpt from a system running macOS 11.1 (Big Sur).
curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.41.0
<!--NeedCopy-->
In order to establish a successful connection, the following tasks need to be accomplished:
- Import the self-signed certificate into the macOS system keychain (aka Keychain.app), e.g. by double-clicking it
- Set the trust level for the just imported certificate to Always Trust, by using the Keychain.app
Working With Self-Signed Certificates on Windows
uberAgent supports a variety of different versions of Microsoft Windows. Since not every operating system release comes with its own implementation of libcurl, uberAgent takes care of that.
Libcurl for Windows relies on Schannel as its library. Since Schannel acts differently, compared to LibreSSL on macOS when dealing with self-signed certificates, the following steps are required:
- Import the self-signed CA certificate into the Windows certificate store (Trusted Root Certification Authorities)
- Depending on your requirement, add either TLSRevocationChecksDisabled or TLSRevocationChecksBestEffort or TLSVerifyPeerDisabled or TLSVerifyHostDisabled as an additional
ConfigFlagto your uberAgent configuration
An example configuration stanza looks like this:
[Miscellaneous]
DebugMode = true
ConfigFlags = TLSRevocationChecksBestEffort
<!--NeedCopy-->
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.