SSLClientCertificateFile

IT Asset Management (Cloud)

Command line | Registry

For authentication when using mutual Transport Layer Security (TLS) to secure HTTPS communications, the server (or inventory beacon) asks the client (the managed inventory device) for a valid certificate that must be verified before the authentication process can complete. This means that the inventory device must have a locally-stored certificate available in PEM format. The SSLClientCertificateFile preference, available only for UNIX-like platforms, gives the path and file name for that certificate file on the inventory device. (For comparison, Windows devices have all required certificates saved in the certificate store, in the registry under the HKEY_LOCAL_MACHINE root.)
Note: Unlike SSLCACertificateFile, which records an entire chain of certificates, this preference records just the one client certificate to be used for mutual TLS. This certificate must be recorded here separately, and not included with any other certificates listed in SSLCACertificateFile. Furthermore, this special certificate for mutual TLS has its own distinct path, and does not share in SSLCACertificatePath.

Values

Values / range

A valid file path (or variable that references the file path) and file name.

Default value

$(SSLDirectory)/client/client_cert.pem
If this default is not available in the pseudo-registry, it is supplied from code internals.
Tip: The appropriate environment variables are saved in the pseudo-registry in /var/opt/managesoft/etc/config.ini, which is created when the FlexNet Inventory Agent is installed. (For updates to this file, see Agent Third-Party Deployment: Updating config.ini on a UNIX Device.) The default expansion for the environment variable $(SSLDirectory) is
$(CommonAppDataFolder)/etc/ssl
In turn, the default expansion for $(CommonAppDataFolder) is
/var/opt/managesoft
Therefore the fully-expanded path and file name defaults to
/var/opt/managesoft/etc/ssl/client/client_cert.pem
The client private key is saved in a private subdirectory, so that its default location is
/var/opt/managesoft/etc/ssl/client/private

Example values

/tmp/test/client_cert.pem

Command line

Tool

Inventory component (ndtrack), upload component (ndupload)

Example

-o SSLCACertificateFile="/tmp/test/cert.pem"

Registry

Installed by

Installation, or manual configuration of the config.ini file

Computer preference

[Registry]\ManageSoft\Configuration
[Registry]\ManageSoft\Tracker\CurrentVersion
[Registry]\ManageSoft\Uploader\CurrentVersion
[Registry]\ManageSoft\Common

IT Asset Management (Cloud)

Current