Configure Certificate Validation Settings

A certificate is authorized externally when it is signed by a certificate authority (CA). Certificates can be validated automatically when they are used to establish an authenticated network connection. To perform this validation, the RealPresence Group Series system must have certificates installed for all CAs that are part of the trust chain. A trust chain is the hierarchy of CAs that starts with the CA that issued the certificate of the device being authenticated, continues through the intermediate CAs that issued certificates to those CAs, and leads back to a root CA, which is a known trusted CA. The following sections describe how to install and manage these certificates.

A certificate exchange takes place between a server and a client, both of which are peers. When a user accesses the system web interface, the system is the server and the web browser is the client application. In other situations, such as when the system connects to LDAP directory services, the system is the client and the LDAP directory server is the server.

Procedure

  1. In the system web interface, go to Admin Settings > Security > Certificates > Certificate Options.
  2. Configure these settings on the Certificates screen and click Save.

    | Setting | Description |
    |---|---|
    | Maximum Peer Certificate Chain Depth | Specifies how many links a certificate chain can have. The term peer certificate refers to any certificate sent by the far-end host when a network connection is being established between the two systems. |
    | Always Validate Peer Certificates from Server | Controls whether the system requires a browser to present a valid certificate when it tries to connect to the system web interface. |
    | Installed Certificates | Allows the administrator to either view installed certificates or to add a new certificate. |
    | Signing Request Server | Allows the administrator to create a new server request certificate. |
    | Signing Request Client | Allows the administrator to create a new client request certificate. |
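
The following added example (not Polycom code) models the trust-chain walk and the Maximum Peer Certificate Chain Depth check described above. Assumptions: certificates are reduced to subject/issuer records, a "link" is one issuer-to-subject hop (the page does not state the exact counting rule), signature and expiry checks are out of scope, and all names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


def validate_chain(peer, installed_cas, max_depth):
    """Walk from the peer certificate back to an installed root CA.

    installed_cas maps CA subject -> Cert for every CA installed on the
    system. Returns (ok, reason, chain). Simplified model only: no
    signature, validity-period or revocation checking is performed.
    """
    chain, current, links = [peer], peer, 0
    while True:
        issuer = installed_cas.get(current.issuer)
        if issuer is None:
            # Every CA in the trust chain must be installed on the system.
            return False, f"CA {current.issuer!r} is not installed", chain
        links += 1
        if links > max_depth:
            # Also bounds the loop if installed CAs reference each other.
            return False, f"chain exceeds maximum depth {max_depth}", chain
        chain.append(issuer)
        if issuer.subject == issuer.issuer:
            return True, "chain ends at an installed root CA", chain
        current = issuer


# Constructed sample data: a root CA, one intermediate CA, and the
# certificate an LDAP directory server would present to the system.
ROOT = Cert("Example Root CA", "Example Root CA")
ISSUING = Cert("Example Issuing CA", "Example Root CA")
LDAP_PEER = Cert("ldap.example.test", "Example Issuing CA")
INSTALLED = {c.subject: c for c in (ROOT, ISSUING)}

if __name__ == "__main__":
    cases = [("depth 2, all CAs installed", INSTALLED, 2),
             ("depth 1, all CAs installed", INSTALLED, 1),
             ("depth 2, intermediate missing", {ROOT.subject: ROOT}, 2)]
    for label, cas, depth in cases:
        ok, reason, chain = validate_chain(LDAP_PEER, cas, depth)
        path = " <- ".join(c.subject for c in chain)
        print(f"{label}: {'PASS' if ok else 'FAIL'} ({reason}); {path}")
```

A failed validation caused by the depth limit looks the same to the peer as one caused by a missing CA, so check both the installed CA list and the depth setting when a connection is rejected.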