- 03 Jan 2025
- 3 Minutes à lire
- SombreLumière
- PDF
Managing certificates
- Mis à jour le 03 Jan 2025
- 3 Minutes à lire
- SombreLumière
- PDF
You can manage all server and certification authority (CA) certificates used by all OneSpan Authentication Server Appliance components via the Certificate Management page in the Configuration Tool.
Server certificates
Server certificates contain public and private keys and are usually used to secure connections to a server or a component using SSL, e.g. SEAL communicator, SOAP communicator, Configuration Tool, etc.
Trusted root certificate authorities
Trusted certification authority (CA) certificates are typically used to determine which client certificates to trust. Trusted CA certificates often come in bundles containing several different trusted root CAs.
OneSpan Authentication Server Appliance root CA
OneSpan Authentication Server Appliance contains a built-in certification authority (CA) used to sign all automatically generated default certificates. This list contains the root CA certificate for the OneSpan Authentication Server Appliance CA.
Editing server or CA certificates
To edit a server or CA certificate
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Select Settings > Certificates.
Select the certificate in the respective list and click Edit.
The Edit Certificate Dialog appears.
Edit the certificate as required and click Update.
If you want to upload the signed certificate for a pending certificate signing request (CSR), you can specify the certificate file in the Upload Signed Certificate box.
Downloading server or CA certificates
To download a server or CA certificate
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Select Settings > Certificates.
- Select the certificate in the respective list and click Download certificate.
Deleting server or CA certificates
To delete a server or CA certificate
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Select Settings > Certificates.
- Select the certificate in the respective list and click Delete.
Adding server certificates
To add a server certificate
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Select Settings > Certificates.
Click Add Certificate in the Server Certificates section.
The Add Certificate Wizard appears.
Do one of the following:
If you want to create a new certificate:
- In the Certificate Source page, select Create New Certificate.
Specify the certification authority to sign the certificate.
Select Appliance Signs The Certificate if you want to use the built-in root CA of the OneSpan Authentication Server Appliance to create a self-signed certificate.
Select Third Party Signs The Certificate if you want to have a third-party CA to create a certificate.
Specify the subject data for the certificate request.
If you chose to use the built-in CA, the certificate is being created and added to the Server Certificate list.
If you chose to use a third-party CA, a certificate signing request (CSR) is being created and can be downloaded to submit to the respective CA. When the third-party CA has created your certificate, upload the signed certificate using the Edit Certificate Dialog.
If you want to upload an existing certificate:
- In the Certificate Source page, select Upload Certificate.
Specify the certificate file to upload.
The certificate must be a Base64-encoded X.509 certificate file (usually a .PEM file), containing the certificate and the respective private key file. Certificate chains can be included with the certificate within one single certificate file using the PEM file format.
If required, type the private key password.
- Click Finish to close the wizard.
Adding trusted root certification authority (CA) bundles
To add a trusted root certification authority (CA) bundle
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Select Settings > Certificates.
Click Add Authority in the Trusted Root Certificates Authorities section.
The Add Authority Wizard appears.
Specify the certificate or certificate bundle to upload.
The certificate must use the PEM file format. Multiple certificate authority signing certificates can be used for validating client certificates, but must be uploaded in a single file.
- Click Next to add the certificate bundle to the Trusted Root Certificate Authorities list.
- Click Finish to close the wizard.