Each agent has a unique identifier that is stored in the pem.agent table in the pem database. You must replace the key and certificate files with the key or certificate that corresponds to the agent's identifier. Please note that you must move the agent.key and agent.crt files (generated in Steps 2 and 3 into place on their respective PEM agent host before generating the next key file pair; subsequent commands will overwrite the previously generated file.
1. Use psql to find the number of agents and their corresponding identifiers:On Linux, you can also find the agent identifier and location of the keys and certificates in the PEM/agent section of the /etc/postgres-reg.ini file.
2. After identifying the agents that will need key files, generate an agent.key for each agent. To generate the key, execute the following command, capturing the output in a file:/opt/PostgreSQL/10/bin/psql -U postgres -d pem --no-psqlrc -t -A -c "SELECT openssl_rsa_generate_key(1024)" > agent.keyModify the privileges of the agent.key file.
3. /opt/PostgreSQL/10/bin/psql -U postgres -d pem --no-psqlrc -t -A -c "SELECT openssl_csr_to_crt(openssl_rsa_key_to_csr('$(cat agent.key)', 'agent$ID', 'US', 'MA', 'Bedford', 'Postgres Enterprise Manager', 'email@example.com'), '/opt/PostgreSQL/10/data/ca_certificate.crt', '/opt/PostgreSQL/10/data/ca_key.key')" > agent.crtWhere $ID is the agent number of the agent (retrieved via the psql command line).Modify the privileges of the agent.crt file:
4. On a Windows host, you can use the Services applet to start the PEM agent. The PEM agent service is named Postgres Enterprise Manager Agent; highlight the service name in the Services dialog, and click Start the service.