About the Trust Protection Platform server certificate thumbprint

The Trust Protection Platform server creates a trust bundle based on the root and intermediate certificates that you specify in TLS Protect.

When installing the Server Agent, you can optionally set the server_thumbprint option when setting configuration parameters for the agent.

The server_thumbprint will be used only in the fallback case where the server certificate cannot be validated using the trust bundle. If the server_thumbprint validation succeeds, a new trust bundle will be sent to the Agent.

After a successful connection, the server_thumbprint gets deleted.

To use server_thumbprint, copy the server thumbprint from the Agent Registration Settings page in TLS Protect and place it at the command line. For example, when installing the agent on a Windows 64-bit system:

msiexec /i [path_to_product_CD]\Installers\Win64\venafi-agent-24.1.0-windows-x64.msi server_url=ServerURL registration_password=a1b2c3d4x server_thumbprint=e6983cf632417fdd7d903832f2fb3cae9b557d335af59c5edec02a10bf02ed66 [additional options]

The following diagram shows the process of server/agent authentication and registration.

Securing trust between the Trust Protection Platform server and the Server Agent

Related Topics Link IconRelated Topics