000035252 - When is a wildcard certificate needed in RSA SecurID Access?

Document created by RSA Customer Support Employee on Jun 14, 2017
Last modified by RSA Customer Support Employee on Jun 15, 2017
Version 2

Article Content

Article Number: 000035252
Applies To: RSA Product Set: SecurID Access
Issue: The documentation topic "Configure Company Information and Certificates" specifies that the SecurID Access Application Portal SSL certificate must be a wildcard certificate. In addition, the document "RSA SecurID Access Integrating the Cloud Authentication Service and RSA Authentication Manager" (see page 14 on Certificate Requirements) points to the same certificate configuration information.
Some enterprise security policies either disallow wildcard certificates or require a justification for using one.
Resolution:
  1. If you are using the RSA SecurID Access Application Portal for SSO and protecting applications using HTTP Federation (HFED) rather than SAML, installing a wildcard certificate into your IDRs is recommended. It is technically possible to use a non-wildcard certificate in this scenario; however, you would instead need to create a portal certificate that includes a Subject Alternative Name for each HFED-protected application.
  2. If you plan to use Authenticate Application tokencodes to authenticate to SecurID-protected on-premises applications, you also need to install an SSL certificate into your IDRs. However, if you are not using the SSO application portal, this certificate does not need to be a wildcard certificate.
  3. Using the SecurID Access RADIUS feature does not require installing IDR certificates.
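
To illustrate the trade-off in item 1, the following added example (not RSA code) checks whether a certificate's DNS Subject Alternative Names cover the portal and every HFED-protected application, using the usual rule that a wildcard stands for exactly one leftmost label. All hostnames are constructed placeholders, and the example assumes each HFED application is reached under its own hostname.

```python
# Added example: hostnames are constructed placeholders, not RSA values.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(san, host):
    """RFC 6125-style match: '*' is honoured only as the entire leftmost
    label and stands for exactly one label. Partial wildcards such as
    'w*.example.com' are treated as literals and never match a host."""
    s, h = _labels(san), _labels(host)
    if len(s) != len(h):
        return False
    if s[0] == "*":
        # Refuse overly broad patterns such as '*.com'.
        return len(s) >= 3 and s[1:] == h[1:]
    return s == h

def uncovered(sans, hosts):
    """Return the hostnames that no SAN entry covers."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# Assumed deployment: one portal plus three HFED-protected applications.
PORTAL = "portal.sso.example.com"
HFED_APPS = ["wiki.sso.example.com", "hr.sso.example.com", "crm.sso.example.com"]
REQUIRED = [PORTAL] + HFED_APPS

# Option A: a single wildcard SAN.
WILDCARD_CERT = ["*.sso.example.com"]
# Option B: enumerated SANs; 'crm' was added after the certificate was issued.
SAN_CERT = [PORTAL, "wiki.sso.example.com", "hr.sso.example.com"]

def report(sans):
    """Summarise whether a SAN list covers every required hostname."""
    missing = uncovered(sans, REQUIRED)
    return {"covered": not missing, "missing": missing}

if __name__ == "__main__":
    for label, sans in (("wildcard", WILDCARD_CERT), ("per-app SAN", SAN_CERT)):
        print(label, report(sans))
```

With the enumerated certificate, each HFED application added later requires reissuing the portal certificate, which is the operational cost to weigh against a policy that restricts wildcards.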
