Sec/User Mgmt: Step 3: Import Server Certificate and Trusted CA Certificate

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1Show Document
  • View in full screen mode
 

This topic describes the procedure to import a Security Analytics server certificate with its key and trusted Certificate Authority (CA) certificate required to enable Public Key Infrastructure (PKI) authentication.

Prerequisites

Make sure that you have:

  • Configured Active Directory to enable authentication for external groups. For more information, see Step 1: Configure Active Directory.
  • Mapped external groups to Security Analytics user roles. For more information, see to Step 2: Map User Roles to External Groups.
  • The Security Analytics server certificate with its private key.
  • The trusted CA certificates.This can be the root CA's or Intermediate CA's certificate up to root CA.
  • The Security Analytics user certificate signed by one of the trusted CAs in the Security Analytics server.

Supported Certificate Formats

The following certificate formats are supported. You must select the format that meets your requirement:

  • For server certificate with its private key:
    • .pkcs12 or .p12 
    • .jks
    • .pfx   
  • For trusted CA certificate:
    • .pkcs12 or .p12 
    • .jks 
    • .pfx
    • .pem
    • .crt
    • .der
    • .cer

Note: The .pfx, .p12, .jks are containers that can contain one or more private keys and its chains or certificates. PEM is a BASE64 encoded certificate that can contain multiple certificates.

Import SA Server Certificate with its Private Key

To import SA server certificate with its private key:

  1. In the Security Analytics menu, select  Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.
  3. In the Server Certificates section, click Icon-Add.png .
    The Import Server Certificates dialog is displayed.
    10.5.0.2_ImpServerCer.png
  4. In the Keystore/Certificate File field, click Browse and select the certificate store.
  5. In the Password field, enter the password of the certificate store.
  6. (Optional) If the user certificate and Security Analytics server certificate are issued by the same CA, select the Import CAs checkox.
  7. Click Save.
    The Security Analytics server certificate with its private key is successfully added to Security Analytics.

Note: You can import multiple server certificates with its private keys.

Note: The Import Server Certificates dialog may not close on some browsers, however, the import is           successful. To view the imported certificate, you must refresh the page.

  1. Specify a default server certificate. Select a certificate and click Use as Server Certificate.
    The selected server certificate is highlighted in red.

Import Trusted CAs

To import trusted CAs:

  1. In the Security Analytics menu, select  Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.
  3. In the Trusted CAs section, click Icon-Add.png .
    The Import Certificate Authority dialog is displayed.
    10.5.0.2_ImpCerAuth.png
  4. In the CA Store File field, click Browse and select the certificate or certificate store.
  5. In the Password field, enter the password of the certificate or certificate store.

Note: The password is applicable only for .pkcs12 or .p12, .pfx, and .jks certificate store formats.

  1. Click Save.
    The CA certificate is successfully added to the Security Analytics Trusted CAs store.
You are here: Set Up Public Key Infrastructure (PKI) Authentication > Configure PKI Authentication > Step 3. Import Server Certificate and Trusted CA Certificate

Attachments

    Outcomes