srtkkv
commented
1 year ago registration procedure:
-
Optional: The security officer can register an employee in oztes and generate the the profile to employee's agents.
a. the join link contains the identifer (unique id) to access the employee profile and register agents. b. the config file.
-
User use agent menu (or command line arguments --register URL) provide the URL or the oztes endpoint.
-
Agent contact the management server endpoint to get default server policy (for registration procedure) and user profile.
-
the agent generate PKI key pair and request for certificate (CSR) openssl (howto) in line the p1. requirements. The list of used attributes to fill in:
- commonName - (mandatory) host name
- countryName - (optional) provided by oztes registration policy
- localityName - (optional) provided by oztes registration policy
- organizationName - provided by oztes registration policy
- organizationUnitName - (optional) provided by oztes registration policy
- stateOrProvinceName - (optional) provided by oztes registration policy
- emailAddress - (mandatory) corporate email
- name - (mandatory) employee name
- surname - (mandatory) employee surname
- givenName -(mandatory)
- USER_ID (optional) provided by oztes registration policy
- telephoneNumber - optional) provided by oztes registration policy
- etc
-
sent the CSR to the oztes to register the agent with information regards to the workstation.
- checksum of application
- platform information:
- MAC
- CPU
- OS version
-
Security officer checks the request and authorise them. with authorization the oztes:
- issue the agents certificate.
- register create record in DB related to the registred agent. (linked to the employee object)
- agent status changed to the registered.
- push the applied security policy with certificate
-
Agent get the certificate move in Platform default store. Apply the security policy
The oztec should be able to register to the management server by using simple command: oztec --register server_url after what: