Table of Contents Previous Next


8 Replacing SSL Certificates : 8.1 Updating Agent SSL Certificates

Each agent has a unique identifier that is stored in the pem.agent table in the pem database. You must replace the key and certificate files with the key or certificate that corresponds to the agent's identifier. Please note that you must move the agent.key and agent.crt files (generated in Steps 2 and 3 into place on their respective PEM agent host before generating the next key file pair; subsequent commands will overwrite the previously generated file.
1.
Use psql to find the number of agents and their corresponding identifiers:
2.
After identifying the agents that will need key files, generate an agent.key for each agent. To generate the key, execute the following command, capturing the output in a file:
/opt/PostgreSQL/10/bin/psql -U postgres -d pem --no-psqlrc -t -A -c "SELECT openssl_csr_to_crt(openssl_rsa_key_to_csr('$(cat agent.key)', 'agent$ID', 'US', 'MA', 'Bedford', 'Postgres Enterprise Manager', 'support@enterprisedb.com'), '/opt/PostgreSQL/10/data/ca_certificate.crt', '/opt/PostgreSQL/10/data/ca_key.key')" > agent.crt
Where $ID is the agent number of the agent (retrieved via the psql command line).
On a Windows host, you can use the Services applet to start the PEM agent. The PEM agent service is named Postgres Enterprise Manager Agent; highlight the service name in the Services dialog, and click Start the service.

8 Replacing SSL Certificates : 8.1 Updating Agent SSL Certificates

Table of Contents Previous Next