Security
By default, Netwrix Auditor API uses HTTPS for sending requests to its endpoints. Netwrix encrypts data with a self-signed automatically generated SSL certificate and strongly recommends you to replace it with a new secured certificate acquired from any reliable source.
The automatically generated Netwrix API certificate is located in the Personal store. To enable trust on remote computers, install this certificate in the Trusted Root Certification Authorities store.
To manage API security settings with APIAdminTool.exe
Netwrix provides a command-line tool for managing Integration API. The tool allows switching between HTTP and HTTPS, assigning new certificates, etc.
-
On the computer where Netwrix Auditor Server resides, start the Command Prompt and run the tool. The tool is located in the Netwrix Auditor installation folder, inside the Audit Core folder. For example:
C:\>cd C:\Program Files (x86)\Netwrix Auditor\Audit Core
C:\Program Files (x86)\Netwrix Auditor\Audit Core>APIAdminTool.exe
-
Execute one of the following commands depending on your task. Review the tips for running the tool:
- Some commands require parameters. Provide parameters with values (parameter= value) if you want to use non-default. E.g.,
APIAdminTool.exe api http port= 4431
. - Append
help
to any command to see available parameters and sub-commands. E.g.,APIAdminTool.exe api help
.
- Some commands require parameters. Provide parameters with values (parameter= value) if you want to use non-default. E.g.,
To... | Execute... |
---|---|
Disable API |
NOTE: This command duplicates the checkbox on the Integrations page in Netwrix Auditor. |
Switch to HTTP |
NOTE: Netwrix recommends switching to HTTP only in safe intranet environments. To use a non-default port (9699), append a parameter port with value to the command above (e.g., |
Switch to HTTPS |
NOTE: Run this command if you want to continue using Netwrix-generated certificate. To use a non-default port (9699), append a parameter port with value to the command above (e.g., |
Assign a new SSL certificate |
NOTE: Run this command if you want to apply a new certificate and use it instead default. You must add a certificate to the store before running this command. Provide parameters to specify a certificate:
|