The following sections provide help information related to this feature.
Certificate Administration
Use this dialog box to view outstanding client certificates in the CommCell, and to perform these operations:
- Enforce client certificate authentication on the CommCell.
- Configure the renewal period of client certificates.
- Manage client certificates (create, renew, revoke).
Force per-client certificate authentication on CommServe
This option enforces client certificate authentication on the CommServe host. By default, during client installation, the installer uses built-in certificates to authenticate communications with the CommServe host. Click Yes to enforce the validation of client certificates during installation instead of using built-in certificates.
Client Certificate Rotation Period
Specifies the renewal period (in months) for all client certificates. Clients typically initiate certificate renewal within approximately two weeks of certificate expiration.
The default value for this option is 6 months.
CA Certificate Rotation Period
Specifies the renewal period (in years) for the CommCell Certificate Authority (CA). CommServe hosts typically initiate Certificate Authority renewal within approximately two weeks of CA expiration. Once the new CA certificate is generated, the CommServe distributes the new certificate to all clients, which also triggers the regeneration of client certificates.
The default value for this option is 5 years.
Client certificates are stored in the software_installation_directory/Base/Certificates folder of the client computer. The properties for each client certificate are:
- Serial Number
  The unique serial number belonging to the client certificate.
- Client
  The client associated with the certificate. Each client computer has its own unique client certificate.
  There are two types of certificates: the certificate of a client computer (generated during the client installation), and the Certificate Authority (CA) certificate. The CA certificate is generated by the installer during CommServe installation, and is used to sign the certificates of all clients in the CommCell.
- Signed By
  The serial number of the CA certificate that validated the client certificate. CA certificates are self-signed.
- Created
  The date when the certificate was created.
- Expiration
  The date on which the certificate expires.
- Status
  The current status of the certificate. A certificate can be active or revoked.
Temp Certificate
Click to create a temporary certificate.
Use this option when you want to install a new client on a CommCell that requires certificate authentication. Once the certificate is generated, deliver the certificate to the installer running on the client.
Revoke
Click to revoke an active client certificate.
Renew
Click to generate a new certificate for a client. This function requires the client to be reachable from the CommServe.
Temporary Certificate
Use this dialog box to create a short-term client certificate. After the temporary certificate is generated, it is displayed in the text area of this dialog box.
Client Name
Select the client computer for which you want to create the temporary certificate.
Copy to Clipboard
Click to copy the temporary certificate contents to the clipboard of your local computer.
Create
Click to generate the temporary certificate for the selected client computer.