When is a wildcard certificate needed in RSA SecurID Access?

3 years ago

Originally Published: 2017-06-12

Article Number

000059041

Applies To

RSA Product Set: SecurID Access

Issue

Configure Company Information and Certificates specifies that the SecurID Access Application Portal SSL certificate must be a wildcard certificate. Additionally, RSA SecurID Access Integrating the Cloud Authentication Service and RSA Authentication Manager (see page 14 on Certificate Requirements) points to the same certificate configuration information.

Some enterprise security policies either disallow or require a justification to use a wildcard certificate.

Resolution

If you are using the RSA SecurID Access Application Portal for SSO and protecting applications using HTTP Federation (HFED) rather than SAML, it is recommended to install a wildcard certificate into your IDRs. It is technically possible to use a non-wildcard certificate in this scenario; however, you would need to instead create a portal certificate that includes a Subject Alternative Name for each HFED protected application.
If you plan to use Authenticate Application tokencodes to authenticate to SecurID protected on-premise applications you also need to install an SSL certificate into your IDRs. However, if you are not making use of the SSO application portal then this certificate need not be a wildcard certificate.
Using the SecurID Access RADIUS feature does not require installing IDR certificates.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change