Client Configuration Update via Command Line¶
The updateconfig
command line operation can be used to update a previously
provisioned client with the latest information from a management server
(ePO or OpenDXL Broker).
NOTE: ePO-managed environments must have 4.0 (or newer) versions of DXL ePO extensions installed.
The updateconfig
operation performs the following:
- Retrieves the latest CA certificate bundle from the server and stores it
at the file referenced by the
BrokerCertChain
setting in the[Certs]
section of thedxlclient.config
file. - Retrieves the latest broker information and updates the
[Brokers]
and[BrokersWebSockets]
sections of thedxlclient.config
file with that information.
Basic Example¶
For example:
dxlclient updateconfig config myserver
For this example, config
is the name of the directory in which the
dxlclient.config
file resides and myserver
is the hostname or
IP address of ePO or an OpenDXL Broker.
When prompted, provide credentials for the OpenDXL Broker Management Console or ePO (the ePO user must be an administrator):
Enter server username:
Enter server password:
If the operation is successful, output similar to the following should be displayed:
INFO: Updating certs in config/ca-bundle.crt
INFO: Updating DXL config file at config/dxlclient.config
To avoid the username and password prompts, supply the appropriate
command line options (-u
and -p
):
dxlclient updateconfig config myserver -u myuser -p mypass
Additional Options¶
The update operation assumes that the default web server port is 8443, the default port under which the ePO web interface and OpenDXL Broker Management Console is hosted.
A custom port can be specified via the -t
option.
For example:
dxlclient updateconfig config myserver -t 443
If the management server's CA certificate is stored in a local CA truststore
file -- one or more PEM-formatted certificates concatenated together into a
single file -- the update operation can be configured to validate
the management server's certificate against that truststore during TLS session
negotiation by supplying the -e
option.
The name of the truststore file should be supplied along with the option:
dxlclient updateconfig config myserver -e config/ca-bundle.crt