When is a wildcard certificate needed in RSA SecurID Access?
Originally Published: 2017-06-12
Article Number
Applies To
Issue
Some enterprise security policies either disallow or require a justification to use a wildcard certificate.
Resolution
- If you are using the RSA SecurID Access Application Portal for SSO and protecting applications using HTTP Federation (HFED) rather than SAML, it is recommended to install a wildcard certificate into your IDRs. It is technically possible to use a non-wildcard certificate in this scenario; however, you would need to instead create a portal certificate that includes a Subject Alternative Name for each HFED protected application.
- If you plan to use Authenticate Application tokencodes to authenticate to SecurID protected on-premise applications you also need to install an SSL certificate into your IDRs. However, if you are not making use of the SSO application portal then this certificate need not be a wildcard certificate.
- Using the SecurID Access RADIUS feature does not require installing IDR certificates.
Related Articles
How to run the RSA AMBA utility without the need of input files? Number of Views Does RSA Identity Governance and Lifecycle MAX_STRING_SIZE need to be modified from STANDARD to EXTENDED to accommodate st… Number of Views Do Web Services need to be enabled if they are not being used in RSA Identity Governance & Lifecycle? Number of Views Need to wait until updating radius_connector.ini file after AM8.6 upgrades replica side Number of Views MFA Agent for Windows v2.3 Upgrade Is Paused by Error "The following applications are using files that need to be updated" Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
