Re-registering the Server Agent

If you have removed Agent Registration Settings for a Server Agent using the Reset Trust Level option, that agent is considered untrusted and is no longer able to communicate with the Trust Protection Foundation server. This is typically done either for troubleshooting purposes, or when Agent Connectivity has been unintentionally deleted or corrupted.

To re-establish a trusted connection with Trust Protection Foundation, you must re-register the agent by resetting the registration password on the host where the agent is installed.

To re-register the Server Agent when using a self-signed certificate

  1. On the host where the agent is installed, re-register the Server Agent from the command prompt:

    vagent -m registration_password=password

  2. After the agent has attempted to check in with the Trust Protection Foundation server again, you can validate that it is trusted again from within Aperture.

To re-register the Server Agent when using a CA-signed certificate as the Venafi Operational Certificate (VOC)

  1. On the host where the agent is installed, re-register the agent from the command prompt:

    vagent -m registration_password=password

  2. Clear the rolling code:

    vagent -x rolling_code='SYSTEM:In Use'

  3. After the agent has attempted to check in with the Trust Protection Foundation server again, go to the Agents page to validate that it is trusted again.

  4. (Conditional) If the agent fails to regain trust, do the following:

    1. Delete the config.sq3 and curl-ca-bundle.crt files from the agent data directory:

      On Windows: <agent install directory>\agent\data

      On Linux: /var/opt/venafi/agent/data

    2. Set the server_thumbprint by copying the value from within Aperture and setting it at the command prompt:

      vagent -m server_thumbprint=ThumbprintValue
