Tectia

Configuring Certificate Authentication on Tectia Client/ConnectSecure

Tectia Client and Tectia ConnectSecure need to be separately configured to authenticate server hosts using host certificates. The authentication settings can be configured in Configurations → Edit Configurations → Tectia → Client under the PKI page.

The following settings need to be configured:

  • The list of trusted CA certificates. These are used to check the validity of host certificates.

    If the Tectia Manager Internal CA is used, defining the trusted certificate is the only required setting. To use the Internal CA, select Internal Root CA as the CA certificate.

  • The LDAP servers used to retrieve CRLs and subordinate CA certificates in a CA hierarchy should be configured. These settings are necessary only if the host certificates themselves do not contain valid Authority Info Access and/or CRL Distribution Point extensions.

  • If OCSP should be used instead of CRLs and the host certificates themselves do not contain the information, the default OCSP responder URL should be configured.

If CRL checking is disabled, the LDAP server and OCSP responder URLs do not need to be configured. CRL checking should be disabled for testing purposes only.

Activating the settings requires assigning the configuration to the appropriate hosts and redeploying the configurations.
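To decide whether the LDAP server and default OCSP responder settings above are needed for a given host certificate, its extensions can be inspected first. The following is an added example, not part of the Tectia documentation: it reads `openssl x509 -noout -text` output on stdin, and the function name, the result labels and the sample text are assumptions made for illustration. It checks only that the extensions are present, not that the URLs in them are reachable or correct.

```shell
#!/bin/sh
# Added example (not Tectia code). Usage, with hostcert.pem as a placeholder:
#   openssl x509 -in hostcert.pem -noout -text | pki_fallbacks crl
# Prints the fallback settings the certificate makes necessary, or "none".

pki_fallbacks() {
    mode="$1"                       # revocation method in use: crl or ocsp
    case "$mode" in
        crl|ocsp) ;;
        *) echo "usage: pki_fallbacks crl|ocsp" >&2; return 2 ;;
    esac
    text=$(cat)                     # openssl text dump of the certificate
    has() { case "$text" in *"$1"*) return 0 ;; esac; return 1; }
    needed=""
    # AIA "CA Issuers" tells the client where to fetch subordinate CA certs;
    # without it they have to come from a configured LDAP server.
    has 'CA Issuers - URI:' || needed="$needed ldap-for-subca"
    if [ "$mode" = crl ]; then
        # No CRL Distribution Point: CRLs must be fetched from LDAP.
        has 'X509v3 CRL Distribution Points' || needed="$needed ldap-for-crl"
    else
        # No OCSP location in AIA: a default responder URL is required.
        has 'OCSP - URI:' || needed="$needed default-ocsp-url"
    fi
    needed=${needed# }              # drop the leading separator
    echo "${needed:-none}"
}

# Constructed sample: extension section of a certificate with only a CDP.
SAMPLE_CDP_ONLY='        X509v3 extensions:
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://ca.example.test/host-ca.crl'

# Constructed sample: the same certificate with a full AIA extension added.
SAMPLE_FULL="$SAMPLE_CDP_ONLY
            Authority Information Access:
                OCSP - URI:http://ocsp.example.test
                CA Issuers - URI:http://ca.example.test/host-ca.cer"

printf '%s\n' "$SAMPLE_CDP_ONLY" | pki_fallbacks ocsp
printf '%s\n' "$SAMPLE_FULL" | pki_fallbacks crl
```
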
