2.9 Configuration for Verification of Server Certificates

You can secure the connection between a workstation and the Advanced Authentication servers with a valid SSL certificate. Verifying the server certificate protects the connection against attacks and ensures safe authentication.

You can enable verification of a server certificate on Linux platforms in the following ways:

NOTE: You must upload the SSL certificate in the Administration portal > Server Options. The SSL certificate provides a high level of encryption, security, and trust. For more information about how to upload the SSL certificate, see Uploading the SSL Certificate.

2.9.1 Using PAM Certificate Path

To enable verification of a server certificate in the PAM certificate path on all Linux platforms, perform the following steps:

  1. Navigate to /opt/pam_aucore/etc/ and open the pam_aucore.conf file.

  2. Specify verifyServerCertificate=true in the configuration file.

    If the configuration file does not exist, create a new file.

  3. Place the trusted certificates in /opt/pam_aucore/certs.

    If the certificates are not available in /opt/pam_aucore/certs, the PAM module searches the OS-specific certificate directory.

    NOTE: Ensure that the server certificates are in .cert or .crt format.

  4. Run the command sudo chmod 644 on the certificate files to set their permissions.
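
The steps in 2.9.1 can be scripted and then audited. The following is an added example, not vendor code: the function names and the ROOT prefix are hypothetical, and it assumes that pam_aucore.conf holds flat key=value lines.

```shell
#!/bin/sh
# Added example, not vendor code. ROOT is a hypothetical prefix for trying the
# functions on a scratch tree; leave it unset (and run as root) on a real host.
# Assumption: pam_aucore.conf holds flat key=value lines.

conf_path() { printf '%s/opt/pam_aucore/etc/pam_aucore.conf' "${ROOT:-}"; }
certs_dir() { printf '%s/opt/pam_aucore/certs' "${ROOT:-}"; }

# Steps 1-2: set verifyServerCertificate=true exactly once, creating the file if needed.
enable_verification() {
    conf=$(conf_path)
    mkdir -p "$(dirname "$conf")" && touch "$conf" || return 1
    tmp=$(mktemp) || return 1
    grep -v '^[[:space:]]*verifyServerCertificate[[:space:]]*=' "$conf" > "$tmp" || true
    echo 'verifyServerCertificate=true' >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"   # rewrite in place, keeping the file's mode
}

# Steps 3-4: copy one certificate into the PAM certificate path with mode 644.
install_cert() {
    case $1 in
        *.crt|*.cert) ;;
        *) echo "rejected $1: expected .crt or .cert" >&2; return 1 ;;
    esac
    dir=$(certs_dir)
    mkdir -p "$dir" && cp "$1" "$dir/" && chmod 644 "$dir/$(basename "$1")"
}

# Audit: print one line per deviation from the procedure; return non-zero if any.
audit() {
    rc=0
    conf=$(conf_path)
    # If the key is repeated, the last occurrence is treated as effective (assumption).
    val=$(sed -n 's/^[[:space:]]*verifyServerCertificate[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$conf" 2>/dev/null | tail -n 1)
    [ "$val" = true ] || { echo "verification not enabled in $conf"; rc=1; }
    bad=$(find "$(certs_dir)" -type f \( ! -perm 644 -o ! \( -name '*.crt' -o -name '*.cert' \) \) 2>/dev/null) || true
    [ -z "$bad" ] || { echo "wrong mode or extension: $bad"; rc=1; }
    return $rc
}
```

An empty /opt/pam_aucore/certs directory is not reported, because the PAM module then falls back to the OS-specific certificate directory.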

2.9.2 Using OS-Specific Certificate Paths

To enable verification of a server certificate in the OS-specific certificate path, perform the following steps:

  1. Navigate to /opt/pam_aucore/etc and open the pam_aucore.conf file.

  2. Specify verifyServerCertificate=true in the configuration file.

    If the configuration file does not exist, create a new file.

  3. Place the trusted certificates in the OS-specific path for the respective Linux platform. The OS-specific paths are as follows:

    • CentOS 7.x, Red Hat - /etc/pki/ca-trust/source/anchors

    • SUSE 11.x - /etc/ssl/certs

    • SUSE 12.x - /etc/pki/trust/anchors

    • Ubuntu 16.x, Debian 8.x - /usr/local/share/ca-certificates

  4. Run the command sudo chmod 644 on the certificate files to set their permissions.

  5. Run the command specific to the platform to update the certificates:

    • CentOS 7.x, Red Hat - sudo update-ca-trust

    • SUSE 11.x - sudo c_rehash /etc/ssl/certs

    • SUSE 12.x - sudo update-ca-certificates

    • Ubuntu 16.x, Debian 8.x - sudo update-ca-certificates