Network Authentication: Options
The following sections provide help information related to this feature.
Use this dialog box to view outstanding client certificates in the CommCell, and to perform these operations:
- Enforce client certificate authentication on the CommCell.
- Configure the renewal period of client certificates.
- Manage client certificates (create, renew, revoke).
Force per-client certificate authentication on CommServe
This option enforces client certificate authentication on the CommServe host. By default, during client installation, the installer uses built-in certificates to authenticate communications with the CommServe host. Click Yes to enforce the validation of client certificates during installation instead of using built-in certificates.
Client Certificate Rotation Period
Specifies the renewal period (in months) for all client certificates. Clients typically initiate certificate renewal within approximately two weeks of certificate expiration.
The default value for this option is 6 months.
CA Certificate Rotation Period
Specifies the renewal period (in years) for the CommCell Certificate Authority (CA). CommServe hosts typically initiate Certificate Authority renewal within approximately two weeks of CA expiration. Once the new CA certificate is generated, the CommServe distributes the new certificate to all clients, which also triggers the regeneration of client certificates.
The default value for this option is 5 years.
Client certificates are stored in the software_installation_directory/Base/Certificates folder of the client computer. The properties for each client certificate are:
- Serial Number
The unique serial number belonging to the client certificate.
The client associated with the certificate. Each client computer has its own unique client certificate.
There are two types of certificates: the certificate of a client computer (generated during the client installation), and the Certificate Authority (CA). The CA certificate is generated by the installer during CommServe installation, and is used to sign the certificates of all clients in the CommCell.
- Signed By
The serial number of the CA certificate that validated the client certificate. CA certificates are self-signed.
The date when the certificate was created.
The date on which the certificate expires.
The current status of the certificate. A certificate can be active or revoked.
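The following added example (not part of the product documentation or the product's own code) triages a certificate inventory using the properties listed above, the two-week renewal window, and the rule that client certificates are regenerated when a new CA certificate is issued. The `Cert` record, the `audit` function, the "client"/"ca" type labels and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

RENEWAL_WINDOW = timedelta(days=14)  # "approximately two weeks", per the page
@dataclass
class Cert:              # fields follow the certificate properties the dialog lists
    serial: str
    client: str
    kind: str            # "client" or "ca" (label values are assumptions)
    signed_by: str       # serial of the signing CA certificate
    created: date
    expires: date
    status: str          # "active" or "revoked"

def audit(certs, today):
    """Return {serial: [findings]} for active certificates that need attention."""
    live = [c for c in certs if c.status == "active"]
    cas = [c for c in live if c.kind == "ca" and c.signed_by == c.serial]
    current_ca = max(cas, key=lambda c: c.created, default=None)  # newest self-signed CA
    findings = {}
    for c in live:
        notes = []
        # A later-expiring active certificate for the same client means renewal happened.
        renewed = any(o.client == c.client and o.kind == c.kind
                      and o.expires > c.expires for o in live)
        if c.expires < today:
            notes.append("expired but still active")
        elif c.expires - today <= RENEWAL_WINDOW and not renewed:
            notes.append("in renewal window, no replacement issued")
        if c.kind == "ca" and c.signed_by != c.serial:
            notes.append("CA certificate is not self-signed")
        if c.kind == "client" and (current_ca is None or c.signed_by != current_ca.serial):
            notes.append("not signed by the current CA")
        if notes:
            findings[c.serial] = notes
    return findings

INVENTORY = [  # constructed sample, not real CommCell data
    Cert("CA02", "commserve", "ca", "CA02", date(2024, 2, 1), date(2029, 2, 1), "active"),
    Cert("C100", "web01", "client", "CA02", date(2024, 2, 21), date(2024, 8, 21), "active"),
    Cert("C103", "web01", "client", "CA02", date(2024, 8, 9), date(2025, 2, 9), "active"),
    Cert("C102", "app01", "client", "CA02", date(2024, 2, 10), date(2024, 8, 10), "active"),
    Cert("C101", "db01", "client", "CA01", date(2024, 1, 25), date(2024, 7, 25), "active"),
    Cert("C104", "fs01", "client", "CA02", date(2024, 2, 25), date(2024, 8, 25), "active"),
    Cert("C105", "old01", "client", "CA02", date(2024, 2, 5), date(2024, 8, 5), "revoked"),
]

if __name__ == "__main__":
    print(audit(INVENTORY, date(2024, 8, 15)))
```

Revoked certificates are skipped, and a certificate close to expiry is not reported when the same client already holds a later-expiring active certificate.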
Click to create a temporary certificate.
Use this option when you want to install a new client on a CommCell that requires certificate authentication. Once the certificate is generated, deliver the certificate to the installer running on the client.
Click to revoke an active client certificate.
Click to generate a new certificate for a client. This function requires the client to be reachable from the CommServe.
Use this dialog box to create a short-term client certificate. After the temporary certificate is generated, it is displayed in the text area of this dialog box.
Select the client computer for which you want to create the temporary certificate.
Copy to Clipboard
Click to copy the temporary certificate contents to the clipboard of your local computer.
Click to generate the temporary certificate for the selected client computer.