Login
    Contenu x
    Configuring SSL Certificates
    • 06 Jan 2025
    • 3 Minutes à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    Configuring SSL Certificates

    • Mis à jour le 06 Jan 2025
    • 3 Minutes à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    You can configure how OneSpan Authentication Server performs encrypted communication via the Configuration Wizard, either during or after installation.

    Configuring SSL certificates during installation

    When installing OneSpan Authentication Server, the OneSpan Authentication Server Setup Utility will automatically launch the Configuration Wizard.

    You can use this wizard to configure SSL certificate settings for the following:

    • SOAP communicator module
    • SEAL communicator module
    • RADIUS communicator module
    • Message Delivery Component (MDC)
    • Live auditing via the Audit Viewer

    During a basic installation, an SSL certificate is generated automatically for each component.

    During an advanced installation, you can specify whether to create an SSL certificate for each component or use an existing SSL certificate.

    Configuring SSL certificates after installation

    To configure SSL certificate settings after installation, you can use the Install SSL Server Certificate wizard via the Maintenance Wizard.

    This allows you to do the following:

    • Install an existing SSL certificate.

    • Generate and install a new test SSL certificate (self-signed).

      The test SSL certificate generated by the Maintenance Wizard has a limited life span and must be renewed periodically. To avoid having to renew the test SSL certificate periodically you should purchase an SSL certificate.

    • Request a commercial SSL server certificate.

    For more information about default file names and location of generated certificates and certificate files, see Certificates generated via the Configuration Wizard.

    If you want to use a commercial SSL certificate with OneSpan Authentication Server, you will first need to do the following:

    • Obtain the server certificate and private key in PEM format.
    • Note the location of the server certificate file.
    • Know the passphrase for the private key.
    • Know the password for the CA certificate store

    Whenever you are required to provide a private key password for an SSL certificate, note that such passwords must comply with the following requirements:

    • At least 16 characters long
    • Contains at least 1 lowercase character
    • Contains at least 1 uppercase character
    • Contains at least 1 numeric character

    To launch the Install SSL Server Certificate Wizard

    1. Launch the Maintenance Wizard.
    2. Select Install SSL Certificate and click Next. Doing so will launch the Install SSL Server Certificate Wizard.
    3. On the Install SSL Server Certificate Wizard, click Next to continue.
    4. From the drop-down list, select the component for which you would like to generate a new SSL certificate, and click Next to continue.

    After launching the Install SSL Server Certificate wizard, refer to the appropriate option (from the following procedures).

    To generate and install a new test certificate

    1. After selecting a component for which to generate and install an SSL certificate (via the Install SSL Server Certificate Wizard), select Generate and install a new test certificate (self-signed) and click Next.
    2. Enter a password for the private key, and select a signature algorithm from the drop-down list.
    3. Click Next to continue to a confirmation page.
    4. Review your details and click Next.
    5. Click Finish.

    To generate a certificate signing request

    1. After selecting a component for which to generate and install an SSL certificate (via the Install SSL Server Certificate Wizard), select Request a commercial SSL server certificate and click Next.

    2. Enter the following details:

      • Password. Password of the private key used to sign the certificate signing request (CSR).
      • Common Name. FQDN or IP address of the server for which the certificate is being created.
      • Organization Name. Name of your company.
      • Organization Unit. Branch/division of your company which is using the certificate (e.g. accounting, IT).
      • Locality. City of your office.
      • State. State or province of your office.
      • Country. Country of your office.
    3. Click Next to continue to a confirmation page; review your details and click Next.
    4. The request will be generated in encrypted PEM format, and displayed on the Maintenance Wizard.

    5. Copy the displayed request text and paste it to either of the following:

      • Certificate Signing Request website.
      • New text file with .csr file extension.

    To install an existing SSL certificate

    1. After selecting a component for which to install an existing SSL certificate (via the Install SSL Server Certificate Wizard), select Install my own SSL Certificate and click Next. The SSL Server Certificate Selection page is displayed.

    2. Use the Browse buttons of each field to locate and select the following files:

      • SSL private key (in PEM format)
      • Server certificate file that uses base-64 encoding
      • Intermediate certificate bundle (optional)
      • Certificate Authority (CA) file that uses base-64 encoding
      Certification authority (CA) files should be located on the same host as OneSpan Authentication Server. If your CA file is located on a network share, you need to copy the file locally before you browse to it and select it.
    3. Enter the private key password for the SSL private key.
    4. Click Next to continue to a confirmation page; review your details and click Next.
    5. Click Finish.

    The Administration Web Interface uses the SOAP communicator module to connect to OneSpan Authentication Server. If you manually configured the SOAP SSL configuration after installation, you also need to configure the Administration Web Interface accordingly. For more information, see Manual TLS/SSL configuration of Administration Web Interface connections to OneSpan Authentication Server.

    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle