Configure Your Agents for Cisco Secure Application 

Extract the Ingress CA or Server Certificate

  1. Determine the provider of the server certificate: 
    Log in to the cluster node and examine /var/appd/globals.yaml.gotmpl. If the value of ingress.defaultCert is true, the On-Premises Virtual Appliance provided the CA and a server certificate. Otherwise, you provided a custom TLS certificate.

    The upgrade process sets ingress.defaultCert to false.


  2. If the On-Premises Virtual Appliance provided the CA certificate, run this command to extract a copy of it: 

    kubectl get secret ingress-cert-secret -n ingress-master -o jsonpath="{.data.ca\.crt}" | base64 --decode > ca.crt
  3. If you provided a custom TLS certificate, run this command to extract a copy of it: 

    kubectl get secret custom-ingress-secret -n ingress-master -o jsonpath="{.data.tls\.crt}" | base64 --decode > certificate.crt
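
The three steps above as one script, added here as an example and not taken from the product documentation: it picks the secret from ingress.defaultCert, extracts the certificate, and rejects an empty or non-PEM result before any agent is pointed at it. The layout of globals.yaml.gotmpl (a top-level ingress: key with an indented defaultCert: line) and the function names are assumptions.

```shell
# Added example. Assumption: globals.yaml.gotmpl contains a top-level "ingress:" key
# with an indented "defaultCert: true|false" line beneath it.
GLOBALS=${GLOBALS:-/var/appd/globals.yaml.gotmpl}

# Print "<secret> <jsonpath> <output file>" for the provider named by ingress.defaultCert.
select_secret() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  val=$(awk '
    /^ingress:/  { in_ing = 1; next }   # enter the ingress block
    /^[A-Za-z_]/ { in_ing = 0 }         # any other top-level key ends it
    in_ing && $1 == "defaultCert:" { print $2; exit }' "$1")
  if [ "$val" = "true" ]; then
    printf '%s\n' 'ingress-cert-secret {.data.ca\.crt} ca.crt'
  else
    printf '%s\n' 'custom-ingress-secret {.data.tls\.crt} certificate.crt'
  fi
}

# Number of PEM certificates in a file (0 when there are none).
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true; }

# Fail on an empty, non-PEM, unparsable or expired file; otherwise print its identity.
validate_cert() {
  [ -s "$1" ] || { echo "$1 is empty: secret or key not found?" >&2; return 1; }
  n=$(count_certs "$1")
  [ "$n" -ge 1 ] || { echo "$1 has no PEM certificate" >&2; return 1; }
  [ "$n" -eq 1 ] || echo "note: $1 holds $n certificates; openssl checks only the first" >&2
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
    { echo "$1 is expired or unparsable" >&2; return 1; }
  openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Extract the certificate chosen by select_secret, then validate the written file.
extract_cert() {
  sel=$(select_secret "$GLOBALS") || return 1
  set -- $sel   # $1 = secret name, $2 = jsonpath, $3 = output file
  kubectl get secret "$1" -n ingress-master -o jsonpath="$2" | base64 --decode > "$3"
  validate_cert "$3"
}

# Only touch the cluster when asked to; sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then extract_cert; fi
```

Invoke the script with --run on the cluster node. After copying the file to an agent host, compare its SHA-256 fingerprint with the one printed here.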

Update the Agent Configuration

  • For Java agents:
  • For .NET agents on Linux hosts:
    • For general details on .NET agent configuration, see Install the .NET Agent for Linux.
    • In the agent configuration, specify the location of the certificate you extracted above. You can specify this location in your agent's configuration file or with the APPDYNAMICS_CONTROLLER_SSL_CERTFILE environment variable (see Configuring SSL Variables for .NET Agents):
      {
        "controller": {
          "host": "ec2-18-236-232-10.us-west-2.compute.amazonaws.com",
          "port": 443,
          "ssl": true,
          "certfile": "_path_to_single_certificate_file_"
        }
      }
  • For .NET agents on Windows hosts:
    • In the agent configuration, specify the location of the certificate you extracted above. You can specify this location in your agent's configuration file or with the APPDYNAMICS_CONTROLLER_SSL_CERTFILE environment variable (see Configuring SSL Variables for .NET Agents):
      <controller host="ec2-18-236-232-10.us-west-2.compute.amazonaws.com" port="443" ssl="true" enable_tls12="true" ssl-certificate-file="_path_to_single_certificate_file_" >
      ...
      </controller>
  • For Node.js agents:
    • Confirm that the Node.js agent version is at least 24.9.0.
    • Add this to the require statement in its configuration file. For details, see Vulnerability Reporting on Node.js Agent.
      require("appdynamics").profile({
          controllerHostName: '<controllerHost>',
          controllerPort: 443,
          controllerSslEnabled: true,
          accountName: '<accountName>',
          accountAccessKey: '<accessKey>',
          applicationName: '<appName>',
          tierName: '<tierName>',
          nodeName: '<nodeName>',
          secureAppEnabled: true,
          certificateFile: '_path_to_single_certificate_file_'
      })



Update Agents' Node Properties on the Virtual Appliance

Integrate Cisco Secure Application with your agents:

  • For the Java agent:
    • Confirm that the Java agent version is at least 24.4.1.
    • Add this node property: 
      enable-secapp-service
  • For the .NET agent:
    • Confirm that the .NET agent version is at least 24.4.0.1.
    • Add this node property: 
      enable-secapp-service

See App Agent Node Properties.

For more information, see Monitor Application Security Using Cisco Secure Application.


Enable Cisco Secure Application Features for Targeted Applications

From the Cisco Secure Application dashboard, you can find the Security Setting value for any application you want to monitor in either of these ways:

  • If any application's Security Status is Disabled, you can set it to Enabled by updating its Security Setting to Enable.
  • You can manage the Security Status for all applications with Security Setting of Inherit by navigating to the Administration > Settings tab. 

To make these changes, you must have Configure permission for Cisco Secure Application. For help, see Security Setting in Monitor Security Status of Applications.