Revoking an Axon Agent's Certificate

If the Axon Access Point is running in registration mode on the TLC Manager (the default setting; see Step 1. Configuring the Axon Access Point on a Tripwire Log Center Manager), the Axon Access Point maintains a list of certificates granted to connecting Axon Agents. If an Agent's certificate is revoked, the TLC Manager will deny SSL connection requests from the Agent.

To revoke an Axon Agent's certificate: 

1. To identify the Axon Agent's Universally Unique Identifier (UUID), run one of the following commands on the Agent host system.

AIX or Linux: /opt/tripwire/agent-tlc/tools/twagent/twagentstat --dump.uuid.dat

Windows:
"%PROGRAMFILES%\Tripwire\Agent-TLC\tools\twagent\twagentstat" --dump.uuid.dat

Tip 

Alternatively, you can determine the Axon Agent's UUID by opening the Axon Access Point Log on the TLC Manager: 

<TLC_Manager_install_dir>/Tripwire Axon Access Point/log/TripwireAAP.log

Search the log for the IP address used by the Axon Agent to connect to the Axon Access Point. The Agent's UUID should appear in a message similar to the following:

2013-04-10 11:17:01.934-0700 | Bridge | INFO | c.t.c.b.queue.TwQueueBrokerFacade | agent[3d28c981-9ac7-4f21-bd64-f79bad0722df;/192.168.1.2:56144] | New I/O server worker #1-1 | Subscribed to message broker on behalf of agent.
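Worked example, added here and not part of the Tripwire documentation: a small Python helper that pulls the Agent UUID out of TripwireAAP.log lines in the format shown above for a given IP address, and refuses to guess when one address has been used by more than one Agent (for example behind NAT or after re-registration). It assumes IPv4 addresses as in the sample line; the log lines below are constructed for illustration.

```python
import re
from collections import defaultdict

# Agent tag as it appears in TripwireAAP.log, e.g.
#   agent[3d28c981-9ac7-4f21-bd64-f79bad0722df;/192.168.1.2:56144]
# Assumes IPv4 addresses, which is what the sample line shows.
AGENT_TAG = re.compile(
    r"agent\[(?P<uuid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12});"
    r"/(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\]"
)

def agents_by_ip(log_lines):
    """Map each connecting IP address to the set of Agent UUIDs logged for it."""
    seen = defaultdict(set)
    for line in log_lines:
        m = AGENT_TAG.search(line)
        if m:
            seen[m.group("ip")].add(m.group("uuid").lower())
    return dict(seen)

def find_agent_uuid(log_lines, ip):
    """Return the one UUID seen for `ip`; raise LookupError if none or several."""
    uuids = agents_by_ip(log_lines).get(ip, set())
    if not uuids:
        raise LookupError(f"no Axon Agent connections from {ip} in the log")
    if len(uuids) > 1:
        # Several Agents behind one address (NAT, re-registration): do not guess,
        # confirm the UUID on the host with twagentstat --dump.uuid.dat instead.
        raise LookupError(f"{ip} maps to several Agents: {sorted(uuids)}")
    return next(iter(uuids))

# Constructed sample lines in the TripwireAAP.log format (not a real log capture).
SAMPLE_LOG = [
    "2013-04-10 11:17:01.934-0700 | Bridge | INFO | c.t.c.b.queue.TwQueueBrokerFacade"
    " | agent[3d28c981-9ac7-4f21-bd64-f79bad0722df;/192.168.1.2:56144]"
    " | New I/O server worker #1-1 | Subscribed to message broker on behalf of agent.",
    "2013-04-10 11:18:05.102-0700 | Bridge | INFO | c.t.c.b.queue.TwQueueBrokerFacade"
    " | agent[0f1e2d3c-4b5a-4697-8877-665544332211;/192.168.1.3:56200]"
    " | New I/O server worker #1-2 | Subscribed to message broker on behalf of agent.",
    "2013-04-10 11:20:44.311-0700 | Bridge | INFO | c.t.c.b.queue.TwQueueBrokerFacade"
    " | agent[9a8b7c6d-5e4f-4a3b-9c2d-1e0f11223344;/192.168.1.3:56231]"
    " | New I/O server worker #1-3 | Subscribed to message broker on behalf of agent.",
    "2013-04-10 11:21:00.000-0700 | Bridge | INFO | c.t.c.b.Startup | Access Point ready.",
]

if __name__ == "__main__":
    print(find_agent_uuid(SAMPLE_LOG, "192.168.1.2"))
```

Feed it the real log with `find_agent_uuid(open(path).readlines(), ip)`; the returned UUID is the value for `--agent` in step 2b.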

2. Run the following commands on the TLC Manager: 
a. To determine whether the Axon Agent's certificate has already been revoked, change to the following directory on the TLC Manager:

<TLC_Manager_install_dir>\Tripwire Axon Access Point\bin

and run:

agentCrlManager -d ..\..\data\bridge list

b. To revoke the Agent's certificate, run (from the same directory):

agentCrlManager -d ..\..\data\bridge revoke --agent <UUID>

where <UUID> is the Agent's Universally Unique Identifier (UUID).

c. To restart the Axon Access Point Service, run: 

net stop TripwireAxonAccessPoint

net start TripwireAxonAccessPoint