Configuring PKI (Public Key Infrastructure) Authentication
Public key infrastructure (PKI) is a set of policies and procedures for managing public-key encryption. It is used to enable secure communication when simple passwords are insufficient for authentication. To configure PKI authentication in Voyager, you need to:
Enable the use of a Client Certificate to access secured services
Enable authorization using the Client Certificate
Enabling the Use of a Client Certificate
The first step is to enable access to secured services by enabling the use of a Client Certificate.
To enable use of a Client Certificate:
Go to Manage Voyager > Discovery > HTTP Client
Check the box next to Support Client Certificate
Enter the Private Key and Password
(You can also add the CA certificate at this time)
Click Save
Testing the HTTP Client
To test the HTTP client:
Go to Manage Voyager > Discovery > HTTP Client
Enter a secure URL in the Test panel
Click Test
If the HTTP Client was configured correctly, you should see the Response Headers in the results section.
Enabling Client Certificate Authentication
The next step is to enable Client Certificate Authentication.
Go to Manage Voyager > Security > Authentication
Check the box next to Client Certificate and click Configure
Enter the Private Key and Password
You can also add a trusted certificate here
Click Save
Adding the Certificate to a Browser
In order to use a certificate to authenticate against Voyager, you need to add the certificate to the browser being used to access Voyager.
To install a certificate:
Open the browser settings (in this example, Chrome)
Click Advanced
Click Manage certificates
Click Import and follow the wizard to import the certificate
When you next open Voyager, it will request a certificate
When the certificate is selected, Voyager will authenticate the user
Generating certificates for testing
To generate certificates that you can use in testing and configuration:
Download Easy RSA from GitHub (OpenVPN/easy-rsa, a simple shell-based CA utility)
Edit the vars file modifying these values:
export KEY_COUNTRY="US"
export KEY_PROVINCE="California"
export KEY_CITY="Redlands"
export KEY_ORG="Voyager Search"
export KEY_EMAIL="pki@voyagersearch.com"
export KEY_OU="IT"
export KEY_NAME="Voyager Search"
Execute those commands in the current shell
source ./vars
 Clean or initialize the environment
 ./clean-all
 Generate the CA certificate
 Build the server key
 Generate the Diffie-Hellman parameters
 Generate the client certificate
 Convert the certificates to PKCS#12
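Added example (not part of the original page, and not Voyager's or Easy RSA's own tooling): the same kind of test material produced with the openssl command line directly instead of the Easy RSA scripts. It creates a throwaway CA, a client certificate restricted to TLS client authentication, and a password-protected PKCS#12 bundle, then verifies them; the function names, file names, subjects and password are assumptions made for the example.

```shell
#!/bin/sh
# Added example: throwaway test CA + client certificate + PKCS#12 bundle.
# Subjects, file names and the password are constructed; use for testing only.

make_test_pki() (
    dir=$1 pass=$2
    umask 077                        # keys and bundle readable by owner only
    mkdir -p "$dir" && cd "$dir" || exit 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
    # Self-signed test CA, valid for 30 days
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config pki.cnf \
        -keyout ca.key -out ca.crt || exit 1
    # Client key and certificate signing request
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
        -subj "/CN=test-user" -keyout client.key -out client.csr || exit 1
    # CA signs the request; the [client] section limits it to TLS client auth
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -sha256 -extfile pki.cnf -extensions client -out client.crt || exit 1
    # Bundle key + cert + CA cert; password passed via environment, not argv
    P12_PASS=$pass openssl pkcs12 -export -inkey client.key -in client.crt \
        -certfile ca.crt -name test-user -passout env:P12_PASS -out client.p12
)

check_test_pki() (
    dir=$1 pass=$2
    cd "$dir" || exit 1
    # The chain must validate for client authentication...
    openssl verify -purpose sslclient -CAfile ca.crt client.crt >/dev/null || exit 1
    # ...and must be rejected when presented as a server certificate
    ! openssl verify -purpose sslserver -CAfile ca.crt client.crt >/dev/null 2>&1 || exit 1
    # The bundle opens with the right password and not with a wrong one
    P12_PASS=$pass openssl pkcs12 -in client.p12 -passin env:P12_PASS -noout || exit 1
    ! P12_PASS="wrong-$pass" openssl pkcs12 -in client.p12 -passin env:P12_PASS -noout 2>/dev/null
)
```

After make_test_pki ./test-pki 'your-test-password', client.p12 is the file to import into the browser and ca.crt is the CA certificate to add as trusted. Delete the directory once testing is finished, since ca.key can sign further certificates.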