Install apoctl


  • The following procedure uses an app credential to authenticate to the Microsegmentation Console. App credentials require a mutual TLS connection to the Microsegmentation Console API. Any TLS-intercepting middleboxes must be configured to exclude your connections to the Microsegmentation Console from interception.
  • If you connect through a firewall or endpoint agent, ensure that you can access *, *, and *

Installing and configuring apoctl

  1. Download the executable appropriate to your platform.
    sudo curl -o /usr/local/bin/apoctl \ && \ sudo chmod 755 /usr/local/bin/apoctl
    sudo curl -o /usr/local/bin/apoctl \ && \ sudo chmod 755 /usr/local/bin/apoctl
    curl -o apoctl.msi; ` if ($?) {. .\apoctl.msi /quiet} if ($?) {$env:PATH+="C:\Program Files\Apoctl;"}
  2. Open the Microsegmentation Console web interface.
  3. Navigate to the top-level namespace that you have access to. In the following example, we have access to the top-level namespace /acme.
  4. Click the lock icon in the bottom left corner, then click
    Copy to clipboard
    , as shown below.
  5. Paste the configuration command into your terminal and press ENTER.
    An example command follows, using as the URL of the Microsegmentation Console API and a Microsegmentation account.
    apoctl configure --api \ --namespace /acme \ --token $(apoctl auth aporeto --account acme --api
  6. Authenticate at the prompt.
    It should return the following.
    apoctl profile 'default' successfully configured
  7. Issue the following commands to extract the URL of your Microsegmentation Console API, set it in a MICROSEG_API environment variable, and ensure that the environment variable persists across sessions.
    export MICROSEG_API=$(apoctl auth verify | jq -r '.iss') echo "export MICROSEG_API=$MICROSEG_API" | tee -a ~/.bash_profile
    $env:MICROSEG_API = (apoctl auth verify | jq -r '.iss') $env:MICROSEG_API = [System.Environment]::SetEnvironmentVariable('MICROSEG_API','User')
  8. Confirm that you can connect to the Microsegmentation Console API and that you trust its certificate.
    curl $MICROSEG_API
    wget $MICROSEG_API
  9. Issue the following command to confirm that you’re authenticated.
    apoctl auth verify
    It should return something like the following.
    { "data": { "commonName": "app:credential:6022d9eeeb15c100010d9290:acme-apoctl-default-credentials", "organization": "/acme", "realm": "certificate", "serialNumber": "96242056717083374710660459658200369221", "subject": "96242056717083374710660459658200369221" }, "exp": 1612903956, "iat": 1612896755, "iss": "", "realm": "Certificate", "restrictions": {}, "sub": "96242056717083374710660459658200369221" }
    Great job! You’ve installed and configured apoctl.

Recommended For You