Sec/User Mgmt: Step 6. Enable PKI

Document created by RSA Information Design and Development Employee on Mar 23, 2017. Last modified by RSA Information Design and Development Employee on Apr 4, 2018.
Version 3

This topic describes the procedure to enable Public Key Infrastructure (PKI) authentication on Security Analytics.


To enable PKI, make sure that:

  • At least one Active Directory (AD) is configured and enabled on Security Analytics. This AD must be reachable and the roles must be mapped. 

Note: PAM is not supported for PKI authentication. 

  • One Server Certificate is configured and set as 'Use as Server Certificate'.
  • One Trusted CA certificate is configured.


Enable PKI Authentication

To enable PKI authentication:

  1. In the Security Analytics menu, select Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.
  3. In the Enable PKI section, select the Enable PKI checkbox.
  4. Click Apply.
    The Pre-Requisite Checks dialog is displayed.
  5. Click Enable PKI.

Note: Click Enable PKI only if all the prerequisites are met.

  6. Refresh the puppet agent on the Security Analytics host using the following command:
    puppet agent -t

Note: After the puppet refresh, the default Administrator account is disabled and you can authenticate ONLY by using the certificate.

After you enable PKI:

  1. Make sure you do not delete the AD configuration and external group mapping that corresponds to the user certificate's domain.
  2. To log out from a PKI-based session, you must close the browser used to access Security Analytics.
  3. If audit logging is enabled, user logins and activity are logged using the user DN.
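
Because certificate login is the only way in once the puppet refresh completes, it is worth checking an administrator's certificate before clicking Enable PKI. The following pre-flight check is an added example, not part of the RSA documentation: it uses OpenSSL to confirm that a user certificate chains to the Trusted CA certificate and is not close to expiry, and prints the subject DN that would appear in the audit log. The function names and file arguments are hypothetical, and it assumes PEM files, OpenSSL 1.1.0 or later, and that Security Analytics validates user certificates against the configured Trusted CA.

```shell
#!/bin/sh
# Added example: pre-flight check to run before enabling PKI.
# CA and user certificate paths are supplied by the operator (assumed PEM).

# pki_subject_dn CERT -> prints the certificate subject DN in RFC 2253 form
pki_subject_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//'
}

# pki_preflight CA_PEM USER_PEM [MIN_VALID_SECONDS]
# Returns 0 only if the user certificate parses, stays valid for at least
# MIN_VALID_SECONDS (default 7 days) and chains to the given trusted CA.
pki_preflight() {
    ca=$1; user=$2; min_valid=${3:-604800}

    for f in "$ca" "$user"; do
        openssl x509 -in "$f" -noout 2>/dev/null ||
            { echo "FAIL: $f is not a readable PEM certificate" >&2; return 1; }
    done

    # -checkend exits non-zero if the certificate expires within the window
    openssl x509 -in "$user" -noout -checkend "$min_valid" >/dev/null 2>&1 ||
        { echo "FAIL: user certificate expires within ${min_valid}s" >&2; return 1; }

    # -no-CApath keeps the system trust directory out of the decision, so
    # only the CA file that will be uploaded as Trusted CA can vouch.
    openssl verify -no-CApath -CAfile "$ca" "$user" >/dev/null 2>&1 ||
        { echo "FAIL: user certificate does not chain to $ca" >&2; return 1; }

    echo "OK: $(pki_subject_dn "$user")"
}
```

Call it as `pki_preflight trusted-ca.pem admin-user.pem` (placeholder file names); a non-zero exit means that certificate should not be relied on for login after the default Administrator account is disabled.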