9.29.1 Configuring the Certificate Settings

You can configure certificate settings for the FIDO U2F authentication method. By default, Advanced Authentication does not require the attestation certificate for authentication by the FIDO U2F compliant token. Ensure that you have a valid attestation certificate added for your FIDO U2F compliant token, when you configure this method. The Yubico and Feitian attestation certificates are pre-configured in the Advanced Authentication appliance.

To validate the attestation certificate for the FIDO U2F authentication, perform the following steps:

  1. Set Require attestation certificate to ON to enable validation of attestation certificate.

  2. Select the attestation certificate:

    1. To use a default certificate, click Add Default.

    2. To use a custom certificate instead of predefined device manufacturer certificate, perform the following steps:

      1. Click next to the default attestation certificate to remove the certificate.

      2. Click Add to add a custom certificate.

      3. Click Browse then select the custom certificate and click Upload.

        The certificate must be in the PEM format.

    To restore the deleted attestation certificate, click Add Default.