Network Authentication - Online Help

The following sections provide context-sensitive help information related to this feature.

Certificate Administration

Use this dialog box to view the list of all outstanding client certificates in the CommCell and to perform the following operations:

  • Enforce the authentication of client certification on the CommCell
  • Configure the renewal period of client certificates
  • Manage client certificates (create, renew, revoke)

Force per-client certificate authentication on CommServe

This option enforces the client certificate authentication on the CommServe. By default, during the client installation, the installer uses built-in certificates to authenticate communications with the CommServe. Click Yes to enforce the validation of client certificates during installation instead of using built-in certificates.

Client Certificate Rotation Period

Specifies the renewal period (in months) for all client certificates. Typically, within two weeks before the renewal period completes its cycle, the client will initiate the certification renewal.

The default value for this option is 6 months.

CA Certificate Rotation Period

Specifies the renewal period (in years) for the CommCell Certificate Authority (CA). Typically, within two weeks before the renewal period completes its cycle, the CommServe will initiate the certification renewal. Once the new CA certificate is generated, the CommServe distributes the certificate to all clients, which at the same time triggers the re-generation of client certificates.

The default value for this option is 5 years.

Client certificates are stored in the <Software_Installation_Directory>/Base/Certificates folder of the client computer. The following are the properties for each of the certificates listed in the table:

  • Serial Number

    Indicates the serial number of a client certificate. Each certificate has a unique serial number.

  • Client

    Indicates the client associated to the certificate. Each client computer has a unique client certificate.

    There are two types of certificates: the certificate of a client computer which is generated during the client installation, and the Certificate Authority (CA). The CA certificate is generated by the installer during the CommServe installation. This certificate is used to sign the certificate of all clients in the CommCell.

  • Signed By

    Indicates the serial number of the CA certificate that validated the client certificate. CA certificates are self-signed.

  • Created

    Indicates the date when the certificate was created.

  • Expiration

    Indicates the date that the certificate will expire.

  • Status

    Indicates the current status of the certificate. A certificate can be active or revoked.

Temp Certificate

Click to create a temporary certificate.

Use this option when you want to install a new client on a CommCell that requires certificate authentication. Once the certificate is generated, deliver the certificate to the installer running on the client.

Revoke

Click to revoke an active client certificate.

Renew

Click to generate a new certificate for a client. This option requires the client to be reachable from the CommServe.

Temporary Certificate

Use this dialog box to create a short-term client certificate. Once the temporary certificate is generated, it will be displayed in the text area of this dialog box.

Client Name

Select the client computer for which you want to create the temporary certificate.

Copy to Clipboard

Click to copy the temporary certificate contents to the clipboard of your local computer.

Create

Click to generate the temporary certificate for the selected client computer.