You can secure the connection between a workstation and Advanced Authentication servers with a valid SSL certificate, thus preventing any attacks on the connection and ensuring safe authentication.
You can enable verification of a server certificate on Linux platforms in the following ways:
NOTE: You must upload the SSL certificate in the Administration portal > Server Options. The SSL certificate provides a high level of encryption, security, and trust. For more information about how to upload the SSL certificate, see Uploading the SSL Certificate.
To enable verification of a server certificate in the PAM certificate path on all Linux platforms, perform the following steps:
Navigate to /opt/pam_aucore/etc/ and open the pam_aucore.conf file.
Specify verifyServerCertificate=true in the configuration file.
If the configuration file does not exist, create a new file.
Place the trusted certificates in /opt/pam_aucore/certs.
If the certificates are not available in /opt/pam_aucore/certs, the PAM module searches the OS-specific certificate directory.
NOTE: Ensure that the server certificates are in .cert or .crt format.
Run the command sudo chmod 644 on the certificate files to set their permissions.
To enable verification of a server certificate in the OS-specific certificate path, perform the following steps:
Navigate to /opt/pam_aucore/etc and open the pam_aucore.conf file.
Specify verifyServerCertificate=true in the configuration file.
If the configuration file does not exist, create a new file.
Place the trusted certificates in the OS-specific path for the respective Linux platform. The OS-specific paths are as follows:
CentOS 7.x, Red Hat - /etc/pki/ca-trust/source/anchors
SUSE 11.x - /etc/ssl/certs
SUSE 12.x - /etc/pki/trust/anchors
Ubuntu 16.x, Debian 8.x - /usr/local/share/ca-certificates
Run the command sudo chmod 644 on the certificate files to set their permissions.
Run the command specific to the platform to update the certificates:
CentOS 7.x, Red Hat - sudo update-ca-trust
SUSE 11.x - sudo c_rehash /etc/ssl/certs
SUSE 12.x - sudo update-ca-certificates
Ubuntu 16.x, Debian 8.x - sudo update-ca-certificates
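The following read-only audit script is an added example, not part of the product or its documentation. It checks the settings from both procedures above: the exact verifyServerCertificate=true line, and the extension and 644 mode of the files in the PAM certificate path. The os-release ID values (centos, rhel, sles, ubuntu, debian) used to pick the OS-specific path are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of the settings this page describes.
CONF=${CONF:-/opt/pam_aucore/etc/pam_aucore.conf}
PAM_CERTS=${PAM_CERTS:-/opt/pam_aucore/certs}

# True only if the file contains the exact line the page specifies.
verify_enabled() {
    [ -f "$1" ] && grep -qx 'verifyServerCertificate=true' "$1"
}

# Map an os-release ID and major version (assumed values) to the page's OS paths.
os_cert_dir() {
    case "$1:$2" in
        centos:7|rhel:*)    echo /etc/pki/ca-trust/source/anchors ;;
        sles:11)            echo /etc/ssl/certs ;;
        sles:12)            echo /etc/pki/trust/anchors ;;
        ubuntu:16|debian:8) echo /usr/local/share/ca-certificates ;;
        *) return 1 ;;
    esac
}

# Print one finding per problem in a certificate directory; return 1 if any.
audit_certs() {
    dir=$1 found=0 bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.crt|*.cert) found=$((found + 1)) ;;
            *) echo "WRONG-EXT $f"; bad=1; continue ;;
        esac
        mode=$(stat -c '%a' "$f")   # GNU stat, as shipped on the listed platforms
        [ "$mode" = 644 ] || { echo "BAD-MODE $mode $f"; bad=1; }
    done
    [ "$found" -gt 0 ] || { echo "NO-CERTS $dir"; bad=1; }
    return "$bad"
}

# Check the config file ($1) first, then the certificate directory ($2).
run_audit() {
    verify_enabled "$1" || { echo "VERIFY-OFF $1"; return 1; }
    audit_certs "$2"
}

# Usage: sh audit.sh --run  (on failure, also names the OS path the module falls back to)
if [ "${1:-}" = --run ]; then
    if [ -r /etc/os-release ]; then . /etc/os-release; fi
    run_audit "$CONF" "$PAM_CERTS" || echo "OS path: $(os_cert_dir "${ID:-}" "${VERSION_ID%%.*}" || echo 'not listed on this page')"
fi
```

A NO-CERTS finding for /opt/pam_aucore/certs is not an error in itself: it means the module uses the OS-specific directory, so the certificate must be present there instead.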