Loading...

Network Authentication: Options

The following sections provide help information related to this feature.

Certificate Administration

Use this dialog box to view outstanding client certificates in the CommCell, and to perform these operations:

  • Enforce the authentication of client certification on the CommCell.
  • Configure the renewal period of client certificates.
  • Manage client certificates (create, renew, revoke).

Force per-client certificate authentication on CommServe

This option enforces client certificate authentication on the CommServe host. By default, during client installation, the installer uses built-in certificates to authenticate communications with the CommServe host. Click Yes to enforce the validation of client certificates during installation instead of using built-in certificates.

Client Certificate Rotation Period

Specifies the renewal period (in months) for all client certificates. Clients typically initiate certificate renewal within approximately two weeks of certificate expiration.

The default value for this option is 6 months.

CA Certificate Rotation Period

Specifies the renewal period (in years) for the CommCell Certificate Authority (CA). CommServe hosts typically initiate Certificate Authority renewal within approximately two weeks of CA expiration. Once the new CA certificate is generated, the CommServe distributes the new certificate to all clients, which also triggers the regeneration of client certificates.

The default value for this option is 5 years.

Client certificates are stored in the software_installation_directory/Base/Certificates folder of the client computer. The properties for each client certificate are:

  • Serial Number

    The unique serial number belonging to the client certificate.

  • Client

    The client associated to the certificate. Each client computer has its own unique client certificate.

    There are two types of certificates: the certificate of a client computer (generated during the client installation), and the Certificate Authority (CA). The CA certificate is generated by the installer during CommServe installation, and is used to sign the certificate of all clients in the CommCell.

  • Signed By

    The serial number of the CA certificate that validated the client certificate. CA certificates are self-signed.

  • Created

    The date when the certificate was created.

  • Expiration

    The date on which the certificate expires.

  • Status

    The current status of the certificate. A certificate can be active or revoked.

Temp Certificate

Click to create a temporary certificate.

Use this option when you want to install a new client on a CommCell that requires certificate authentication. Once the certificate is generated, deliver the certificate to the installer running on the client.

Revoke

Click to revoke an active client certificate.

Renew

Click to generate a new certificate for a client. This function requires the client to be reachable from the CommServe.

Temporary Certificate

Use this dialog box to create a short-term client certificate. After the temporary certificate is generated, it is displayed in the text area of this dialog box.

Client Name

Select the client computer for which you want to create the temporary certificate.

Copy to Clipboard

Click to copy the temporary certificate contents to the clipboard of your local computer.

Create

Click to generate the temporary certificate for the selected client computer.