Bridge agent Settings | Qntrl | Bridge | Online Help | OAuth Configuration | SSL Configuration

Bridge agent settings

Once the Bridge agent is set up, you can log in to the bridge agent to view and modify the allowed configuration as needed. To do this:

  1. In Qntrl, navigate to (settings) >> Advanced >> Bridge, then select your bridge.

  2. Hover your cursor over the bridge name, then click on the action menu, and select Open Agent.

      

  1. This will direct you to the bridge agent login page. Log in with your username and password.

      

  1. Click the   (settings) icon at the top right of the header bar.

  2. The following settings options will appear on the left pane.

    1. Configuration

    2. Reset Password

    3. Credentials

    4. Configure OAuth

    5. Configure SSL

  3. From the options, you can click on the desired action to perform various configuration tasks.

      


View Bridge agent configuration   

Click Configuration from the left pane to view the following bridge agent configurations:
  1. Bridge Configuration: Displays details such as Organization Name, Bridge Name, Registration Key, Polling Interval, and Installation Directory.
  2. Version Details: Displays the bridge version.
      
     

Change login password   

To change the login password:
  1. Click Reset Password from the left pane.
  2. Enter your Current Password and New Password.
  3. Click Save to update the login password. 

      


Store credentials in Bridge   

As outlined in the Credentials section, Bridge provides the capability to securely store credentials for your database, application, or remote machine within its Credentials module, ensuring seamless access and connectivity. Additionally, Bridge offers an alternative option to store credentials within the Bridge agent, allowing you to keep them within your network instead of in the cloud (i.e., Qntrl account), based on your security policies.
 
To store a credential within bridge agent, follow the below steps:
  1. Click Credentials from the left pane.
  2. Click the Add Credentials button present at the top right of the page.
  3. Enter the Credential details.
    1. Credential Name: Give a name to the Credential.
    2. Type: Click the dropdown menu, select the suitable Credential type based on the service you wish to connect with, and complete the relevant fields associated with the chosen Credential type. For instance, if you intend to perform a task within the AD module, choose Type as 'Active Directory'.
      1. API - Provide API Key
      2. JDBC - Provide User Name and Password
      3. SSH Provide Public Key/Password
      4. PowerShell - Provide User Name and Password
      5. Active Directory - Provide User DN and Password
      Refer to the below section, Types of Credentials for more insights into the credential type used.

  4. Click Save. The credentials will be stored and ready for use.

      


Types of Credentials       

1. API  

Allows access to APIs for data retrieval, updates, or specific actions. When you choose Type as API, input the following details into the respective fields.
  1.  Append ToSelect the Parameter or Header to append the credential
  2. TokenEnter the API token generated in the target service, included in the API request header or parameter.
  3. Header Name: If the Append To field is selected as Header, enter the name of the HTTP header carrying the API token (e.g., Authorization, API-Key, Bearer).
  4. Parameter Name: If the Append To field is selected as a Parameter, enter the query parameters or request body parameters containing the API token.

2. JDBC 

Grants access to a database connection by establishing a connection with a database using the provided username and password. Upon selecting JDBC as the credential type, fill in the following field details.

  • Username: Username associated with the database account.

  • Password: Password for the corresponding username to authenticate database access.

3. SSH (Secure Shell) 

Enables secured connections to UNIX and Linux devices by executing commands over SSH protocol. This credential type has two modes of authentication.

 

i. Password Authentication:

This method employs standard password protection. Users provide a password for access.

ii. Key-Based Authentication:

Cryptographic concept of authentication, where two keys, Public Key and Private Key are used. Public Key is designed to be shared openly, and used for encryption and signature verification, while Private Key is kept secret and is used to decrypt data and create digital signatures. The data encrypted with the public key can only be decrypted with its corresponding private key.

Fill in the following fields with the relevant details:
  1. Authentication ModeSelect the authentication mode Password/Public Key
      Password
  • User Name: Username on the target machine.
  • Password: Password for script execution.
     Public Key   
  • User Name: Username on the target machine.
  • Identity: Location of the Private Key.
  • PassphrasePassword that can be added optionally for an extra layer of security during the key generation.

4. PowerShell 

Used for secure connections with Windows machines by executing Powershell commands. If you've chosen Powershell as the credential type, provide the following details in the designated fields.

  • User Name: Username on the Windows machine.

  • Password: Password associated with the machine for script execution.

5. Active Directory 

Used for authentication and accessing resources within an Active Directory environment. For AD credential types fill in the following details.

  • User DN: Distinguished Name of the Active Directory.

  • Password: Active Directory password.


OAuth Configuration  

This section is used to authorize and establish a connection with the File module, facilitating file management activities. Certain file operations that demand significant resources cannot be efficiently executed over a WebSocket connection, hence requiring the utilization of the HTTPS protocol, which can be verified through OAuth configuration.

 

Pre-requisite

Before proceeding, ensure that you have registered your application with Qntrl and received the Client ID and Client secret to initiate authorization. Refer to the Register Your Application section for procedures to register your application.

 

Configuring OAuth for Connection

Follow the below steps to configure OAuth for your connection:
  1. Select Configure OAuth from the left pane.
  2. If you've registered your application before, enter your Client ID and Client Secret.
    • Client ID: Unique identifier you receive when you register your application with Zoho.
    • Client Secret: A unique key generated upon registering your application with Zoho.
    • Authorized redirect URI: URI endpoint for client-based applications to which Zoho Accounts has to redirect the user-agent with the access token after authorizing the client.

      

NotesTo register your application and generate a Client ID and Client Secret, select the '+' icon next to Client ID and follow the registration process outlined in the Register your Application section, commencing from step 3.

  1. Click Save and Connect.

  2. Upon successful authorization, the connection will be created and the status will be shown as Connected.

      

  1. You have the option to modify or revoke the connection you've created by simply clicking the Edit or Revoke buttons.

Register your Application    

You must register your application through the Zoho API Console, to receive your Client ID and Client Secret. Follow these steps to register your application successfully:

  1. Visit the Zoho API Console by navigating to the official website Zoho API Console and click GET STARTED.

      

  1. Choose the "Server-based Application" client type and click CREATE NOW.

      

  1. Provide the following details:

    1. Client Name: Enter the name of the application you want to register with Zoho.
    2. Homepage URL: Input the URL of your application's web page.
    3. Authorized Redirect URIs: Specify a valid application URL to which Zoho Accounts will redirect you, providing a grant token (code) upon successful authentication.

  2. Click CREATE.

      

  1. Upon successful registration, you will receive the following credentials:

Client ID: The consumer key generated from the connected app.

Client Secret: The consumer secret generated from the connected app.

      


For more in-depth information about OAuth integration with Zoho, you can  refer to Zoho's OAuth documentation 

Notes

  • The Client Name should not include any special characters except for "_" and "&."


Configure SSL 

By default, the bridge server runs in HTTP mode on port 8500. You can enable HTTPS by following the steps below.  

Prerequisites   

Before enabling HTTPS for the Bridge, ensure that the following requirements are met:

OpenSSL Version Requirement  

Qntrl Bridge currently requires OpenSSL 1.x. To enable HTTPS, ensure that OpenSSL 1.x is installed on the Bridge host computer.

  • If OpenSSL 1.x is installed, you can proceed with configuring HTTPS.

  • If OpenSSL 3.x or any other version is installed, follow the steps below to install OpenSSL 1.x.

 

Steps to Install OpenSSL 1.x  

For Linux:
  1. Download the OpenSSL 1.x source archive using the following command: wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
  2. Extract the downloaded archive: tar -xvzf openssl-1.1.1w.tar.gz
  3. Navigate to the extracted directory: cd openssl-1.1.1w 
  4. Configure the installation directory for the OpenSSL(e.g., /opt/openssl-1.1.1w): ./config --prefix=/opt/openssl-1.1.1w
  5. Ensure the GCC compiler is installed. If not, update the system and install GCC: sudo apt update && sudo apt install gcc
  6. Build OpenSSL: make
  7. Install OpenSSL: sudo make install
  8. Verify the OpenSSL installation: /opt/openssl-1.1.1w/bin/openssl version
  9. Add the following lines to your .bashrc file to update environment variables:
            export LD_LIBRARY_PATH=/opt/openssl-1.1.1w/lib:$LD_LIBRARY_PATH
            export openssl=/opt/openssl-1.1.1w/bin/openssl
NotesOnce HTTPS is enabled for the Bridge, you can remove these lines from .bashrc.

For Windows:

  1. Download OpenSSL 1.x for Windows, from a trusted source like this link.

  2. Extract the downloaded ZIP file into a folder and install.

  3. Set the OpenSSL 1.x version as default in the environment path.


Steps to Configure SSL  

  1. Click Configure SSL from the left pane of the settings page.
  2. If the Configure SSL section is not visible on the settings page, manually open <bridgehostname:portnumber>/account/ssl in your browser's address bar. This will open the Configure SSL section. You can then proceed with the steps below.
  3. Fill in the Following Fields:
    • Private Key: Upload the private key file of your server, used to digitally sign your Certificate Signing Request (CSR) and to secure and verify connections to your server. Learn more about private keys.
    • Private key passwordUse the password provided during private key generation.
    • Root Certificate: Upload the Root SSL certificate issued by a trusted certificate authority (CA).
    • Intermediate Certificate: Upload the intermediate certificate that acts as a bridge between a root certificate and an entity certificate, providing an extra layer of security.
    • Server Certificate: Upload the server certificate, typically issued to hostnames, representing the bridge server. Enabling HTTPS is mandatory if a server certificate is uploaded.
  1. Enable the Enable Https checkbox.
  2. Click Save Keystore. The bridge will restart in HTTPS mode.

      

 

Sample to Create Configuration Files and Generate Certificates   

1. Create a Configuration File

Create a file with the following sample content and save it as <name.conf>.

   
   
   
   
   

    [req]
   
   
   
   
   

   
   
   
   
   

    distinguished_name = req_distinguished_name
   
   
   
   
   

   
   
   
   
   

    req_extensions = req_ext
   
   
   
   
   

   
   
   
   
   

    prompt = no
   
   
   
   
   

   
   
   
   
   

     
   
   
   
   
   

   
   
   
   
   

    [req_distinguished_name]
   
   
   
   
   

   
   
   
   
   

    C = {Your country code}
   
   
   
   
   

   
   
   
   
   

    ST = {Your state}
   
   
   
   
   

   
   
   
   
   

    L = {Your city}
   
   
   
   
   

   
   
   
   
   

    O = {Your organisation}
   
   
   
   
   

   
   
   
   
   

    OU = {Your org unit}
   
   
   
   
   

   
   
   
   
   

    CN = {Your bridge domain}
   
   
   
   
   

   
   
   
   
   

     
   
   
   
   
   

   
   
   
   
   

    [req_ext]
   
   
   
   
   

   
   
   
   
   

    subjectAltName = @alt_names
   
   
   
   
   

   
   
   
   
   

     
   
   
   
   
   

   
   
   
   
   

    [alt_names]
   
   
   
   
   

   
   
   
   
   

    DNS.1 = {Your bridge domain}

This file contains the details for the certificates.

2. Create a Private Key

Execute the following command in the terminal:

   
   
   
   
   

    openssl genrsa -out {bridge_domain}.key 2048

This command will create a .key file, which has to be uploaded in the Private Key field.

3. Create a CSR (Certificate Signing Request)

Execute the following command to create a .csr file. You will need this to obtain the server certificate from your Certificate Authority.

   
   
   
   
   

    openssl req -new -key {bridge_domain}.key -out {bridge_domain}.csr -config cert.conf


4. For Testing: Create a Self-Signed Server Certificate

Execute the following command to create a server certificate for testing purposes.

   
   
   
   
   

    openssl req -key {bridge_domain}.key -new -x509 -days 365 -out {bridge_domain}.crt -config cert.conf
This will create a server certificate for testing purposes.

Truststore  

The bridge truststore is used for all outbound calls from the bridge. You can upload certificates that the bridge needs to trust.

For example, if the bridge needs to consume private network APIs and the server certificate is not signed by a CA, you must upload that server certificate to this truststore to make the API accessible from the bridge.

    • Related Articles

    • Credentials

      The Credential module provides a streamlined solution for storing and managing authentication credentials for databases, remote machines, and application servers. Organizations dealing with multiple databases or APIs often face repetitive credential ...

    • Zoho Directory in Qntrl

      What is Active Directory? Active Directory (AD) by Microsoft is a domain management system for centralized networks. Using AD, you can add users, define their privilege, store and manage information, and authorize and authenticate user accounts. What ...

    • Active Directory(AD)

      Active Directory (AD) is a service developed by Microsoft that provides a centralized way to manage all your network machines, users, and resources in one place. Active Directory stores data as Objects, which include users, groups, applications, and ...

    • Install Bridge

      Follow the below step-by-step procedures to configure and use Bridge in Qntrl. Step 1: Download the Bridge agent Only one Bridge agent can be installed per machine. To download a bridge agent in Qntrl: Navigate to (settings), under Advanced click ...

    • PowerShell Engine

      PowerShell Engine In Bridge, the PowerShell Engine module is used to perform actions in any Windows machines in the client's network using PowerShell script. Prerequisite While creating Credentials, select the type Powershell and provide the User ...

    You are currently viewing the help articles of Qntrl 3.0. If you are still using our older version and require guidance with it, Click here.