View Bridge agent configuration
Click Configuration from the left pane to view the following bridge agent configurations:
Bridge Configuration: Displays details such as Organization Name, Bridge Name, Registration Key, Polling Interval, and Installation Directory.
Version Details: Displays the bridge version.
Change login password
To change the login password:
- Click Reset Password from the left pane.
- Enter your Current Password and New Password.
- Click Save to update the login password.
Store credentials in Bridge
As outlined in the Credentials section, Bridge provides the capability to securely store credentials for your database, application, or remote machine within its Credentials module, ensuring seamless access and connectivity. Additionally, Bridge offers an alternative option to store credentials within the Bridge agent, allowing you to keep them within your network instead of in the cloud (i.e., Qntrl account), based on your security policies.
To store a credential within the Bridge agent, follow these steps:
- Click Credentials from the left pane.
- Click the Add Credentials button present at the top right of the page.
- Enter the Credential details.
  - Credential Name: Give a name to the Credential.
  - Type: Click the dropdown menu, select the suitable Credential type based on the service you wish to connect with, and complete the relevant fields associated with the chosen Credential type. For instance, if you intend to perform a task within the AD module, choose Type as 'Active Directory'.
    - API - Provide API Key
    - JDBC - Provide User Name and Password
    - SSH - Provide Public Key/Password
    - PowerShell - Provide User Name and Password
- Click Save. The credentials will be stored and ready for use.
Types of Credentials
1. API
Allows access to APIs for data retrieval, updates, or specific actions. When you choose Type as API, input the following details into the respective fields.
- Append To: Select Parameter or Header as the place where the credential is appended.
- Token: Enter the API token generated in the target service, included in the API request header or parameter.
- Header Name: If the Append To field is selected as Header, enter the name of the HTTP header carrying the API token (e.g., Authorization, API-Key, Bearer).
- Parameter Name: If the Append To field is selected as a Parameter, enter the query parameters or request body parameters containing the API token.
2. JDBC
Grants access to a database connection by establishing a connection with a database using the provided username and password. Upon selecting JDBC as the credential type, fill in the following field details.
3. SSH (Secure Shell)
Enables secured connections to UNIX and Linux devices by executing commands over SSH protocol. This credential type has two modes of authentication.
i. Password Authentication:
This method employs standard password protection. Users provide a password for access.
ii. Key-Based Authentication:
This method uses public-key cryptography, in which two keys, a Public Key and a Private Key, are used. The Public Key is designed to be shared openly and is used for encryption and signature verification, while the Private Key is kept secret and is used to decrypt data and create digital signatures. Data encrypted with the public key can only be decrypted with its corresponding private key.
Fill in the following fields with the relevant details:
- Authentication Mode: Select the authentication mode, either Password or Public Key.
Password
- User Name: Username on the target machine.
- Password: Password for script execution.
Public Key
- User Name: Username on the target machine.
- Identity: Location of the Private Key.
- Passphrase: Optional password that can be added during key generation for an extra layer of security.
4. PowerShell
Used for secure connections with Windows machines by executing PowerShell commands. If you've chosen PowerShell as the credential type, provide the following details in the designated fields.
5. Active Directory
Used for authentication and accessing resources within an Active Directory environment. For AD credential types, fill in the following details.
OAuth Configuration
This section is used to authorize and establish a connection with the File module, facilitating file management activities. Certain file operations that demand significant resources cannot be efficiently executed over a WebSocket connection, hence requiring the utilization of the HTTPS protocol, which can be verified through OAuth configuration.
Pre-requisite
Before proceeding, ensure that you have registered your application with Qntrl and received the Client ID and Client secret to initiate authorization. Refer to the Register Your Application section for procedures to register your application.
Configuring OAuth for Connection
Follow these steps to configure OAuth for your connection:
- Select Configure OAuth from the left pane.
- If you've registered your application before, enter your Client ID and Client Secret.
  - Client ID: Unique identifier you receive when you register your application with Zoho.
  - Client Secret: A unique key generated upon registering your application with Zoho.
  - Authorized redirect URI: URI endpoint for client-based applications to which Zoho Accounts has to redirect the user-agent with the access token after authorizing the client.
- To register your application and generate a Client ID and Client Secret, select the '+' icon next to Client ID and follow the registration process outlined in the Register your Application section, commencing from step 3.
- Click Save and Connect.
Upon successful authorization, the connection will be created and the status will be shown as Connected.
You have the option to modify or revoke the connection you've created by simply clicking the Edit or Revoke buttons.
Register your Application
You must register your application through the Zoho API Console to receive your Client ID and Client Secret. Follow these steps to register your application successfully:
1. Open the Zoho API Console and click GET STARTED.
2. Choose the "Server-based Application" client type and click CREATE NOW.
3. Provide the following details:
   - Client Name: Enter the name of the application you want to register with Zoho.
   - Homepage URL: Input the URL of your application's web page.
   - Authorized Redirect URIs: Specify a valid application URL to which Zoho Accounts will redirect you, providing a grant token (code) upon successful authentication.
4. Click CREATE.
Upon successful registration, you will receive the following credentials:
- Client ID: The consumer key generated from the connected app.
- Client Secret: The consumer secret generated from the connected app.
For more in-depth information about OAuth integration with Zoho, you can refer to Zoho's OAuth documentation.
By default, the bridge server runs in HTTP mode on port 8500. You can enable HTTPS by following the steps below.
Prerequisites
Ensure OpenSSL version 1.0 is available in the system path.
- Fill in the following fields:
  - Private Key: Upload the private key file of your server, used to digitally sign your Certificate Signing Request (CSR) and to secure and verify connections to your server. Learn more about private keys.
  - Root Certificate: Upload the Root SSL certificate issued by a trusted certificate authority (CA).
  - Intermediate Certificate: Upload the intermediate certificate that acts as a bridge between a root certificate and an entity certificate, providing an extra layer of security.
  - Server Certificate: Upload the server certificate, typically issued to hostnames, representing the bridge server. Enabling HTTPS is mandatory if a server certificate is uploaded.
- Enable the Enable Https checkbox.
- Click Save Keystore. The bridge will restart in HTTPS mode.
Sample to Create Configuration Files and Generate Certificates
1. Create a Configuration File
Create a file with the following sample content and save it as <name.conf>. The commands in the following steps assume the file is named cert.conf.
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
C = {Your country code}
ST = {Your state}
L = {Your city}
O = {Your organisation}
OU = {Your org unit}
CN = {Your bridge domain}
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = {Your bridge domain}
This file contains the details for the certificates.
2. Create a Private Key
Execute the following command in the terminal:
openssl genrsa -out {bridge_domain}.key 2048
This command creates a .key file, which has to be uploaded to the Private Key field.
3. Create a CSR (Certificate Signing Request)
Execute the following command to create a .csr file. You will need this to obtain the server certificate from your Certificate Authority.
openssl req -new -key {bridge_domain}.key -out {bridge_domain}.csr -config cert.conf
4. For Testing: Create a Self-Signed Server Certificate
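Execute the following command to create a self-signed server certificate for testing purposes. The -extensions req_ext option copies the [req_ext] section, including subjectAltName, into the certificate; with -x509, the req_extensions setting in the configuration file applies only to CSRs.
openssl req -key {bridge_domain}.key -new -x509 -days 365 -out {bridge_domain}.crt -config cert.conf -extensions req_ext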
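Before uploading the files from steps 2 to 4, it is worth confirming that the private key belongs to the certificate, that the bridge domain appears in the certificate's subjectAltName, and that the certificate is not about to expire. The script below is an added example, not part of the Qntrl documentation; the function names and the domain bridge.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run on the key and certificate before upload.
# Function names and bridge.example.test are constructed, not Qntrl's.

# Steps 1-4 for a constructed domain; files are written to directory $1.
make_sample() {
  dir=$1; domain=$2
  printf '%s\n' '[req]' 'distinguished_name = dn' 'req_extensions = req_ext' \
    'prompt = no' '[dn]' "CN = $domain" '[req_ext]' \
    "subjectAltName = DNS:$domain" > "$dir/cert.conf"
  openssl genrsa -out "$dir/$domain.key" 2048 2>/dev/null
  # -extensions puts [req_ext] (the SAN) into the self-signed certificate
  openssl req -key "$dir/$domain.key" -new -x509 -days 365 \
    -out "$dir/$domain.crt" -config "$dir/cert.conf" -extensions req_ext
}

# True when key file $1 and certificate $2 carry the same public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when $2 is an exact DNS entry in the subjectAltName of certificate $1.
cert_has_san() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# Usage: check_bridge_keystore KEY CERT DOMAIN [MIN_SECONDS_OF_VALIDITY]
check_bridge_keystore() {
  key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
  cert_has_san "$2" "$3" || { echo "no SAN entry for $3"; return 2; }
  openssl x509 -in "$2" -noout -checkend "${4:-0}" >/dev/null ||
    { echo "certificate expires within ${4:-0}s"; return 3; }
  echo "ok"
}

# Demo on constructed input: sh check.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  make_sample "$tmp" bridge.example.test
  check_bridge_keystore "$tmp/bridge.example.test.key" \
    "$tmp/bridge.example.test.crt" bridge.example.test 86400
  rm -rf "$tmp"
fi
```

A return code of 1, 2 or 3 identifies which check failed, so the function can gate an upload step in a script.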
Truststore
The bridge truststore is used for all outbound calls from the bridge. You can upload certificates that the bridge needs to trust.
For example, if the bridge needs to consume private network APIs and the server certificate is not signed by a CA, you must upload that server certificate to this truststore to make the API accessible from the bridge.