Network Authentication - Online Help
The following sections provide context-sensitive help information related to this feature.
Use this dialog box to view the list of all outstanding client certificates in the CommCell and to perform the following operations:
- Enforce the authentication of client certification on the CommCell
- Configure the renewal period of client certificates
- Manage client certificates (create, renew, revoke)
Force per-client certificate authentication on CommServe
This option enforces the client certificate authentication on the CommServe. By default, during the client installation, the installer uses built-in certificates to authenticate communications with the CommServe. Click Yes to enforce the validation of client certificates during installation instead of using built-in certificates.
Client Certificate Rotation Period
Specifies the renewal period (in months) for all client certificates. Typically, within two weeks before the renewal period completes its cycle, the client will initiate the certification renewal.
The default value for this option is 6 months.
CA Certificate Rotation Period
Specifies the renewal period (in years) for the CommCell Certificate Authority (CA). Typically, within two weeks before the renewal period completes its cycle, the CommServe will initiate the certification renewal. Once the new CA certificate is generated, the CommServe distributes the certificate to all clients, which at the same time triggers the re-generation of client certificates.
The default value for this option is 5 years.
Client certificates are stored in the <Software_Installation_Directory>/Base/Certificates folder of the client computer. The following are the properties for each of the certificates listed in the table:
- Serial Number
Indicates the serial number of a client certificate. Each certificate has a unique serial number.
Indicates the client associated to the certificate. Each client computer has a unique client certificate.
There are two types of certificates: the certificate of a client computer which is generated during the client installation, and the Certificate Authority (CA). The CA certificate is generated by the installer during the CommServe installation. This certificate is used to sign the certificate of all clients in the CommCell.
- Signed By
Indicates the serial number of the CA certificate that validated the client certificate. CA certificates are self-signed.
Indicates the date when the certificate was created.
Indicates the date that the certificate will expire.
Indicates the current status of the certificate. A certificate can be active or revoked.
Click to create a temporary certificate.
Use this option when you want to install a new client on a CommCell that requires certificate authentication. Once the certificate is generated, deliver the certificate to the installer running on the client.
Click to revoke an active client certificate.
Click to generate a new certificate for a client. This option requires the client to be reachable from the CommServe.
Use this dialog box to create a short-term client certificate. Once the temporary certificate is generated, it will be displayed in the text area of this dialog box.
Select the client computer for which you want to create the temporary certificate.
Copy to Clipboard
Click to copy the temporary certificate contents to the clipboard of your local computer.
Click to generate the temporary certificate for the selected client computer.