Welcome to Voyager Help

Use the Search field below or select a Category from the list at the left

Configuring PKI (Public Key Infrastructure) Authentication

Public key infrastructure (PKI) is a set of policies and and procedures for managing public-key encryption. It is used to enable secure communication when simple passwords are insufficient for validating authentication. To configure PKI authentication in Voyager, you need to:

  • Enable the use of a Client Certificate to access secured services
  • Enable authorization using the Client Certificate

Enabling the Use of a Client Certificate

The first step is to enable access to secured services by enabling the use of a Client Certificate.

To enable use of a Client Certificate:

  1. Go to Manage Voyager > Discovery > HTTP Client
  2. Check the box next to Support Client Certificate



  3. Enter the Private Key and Password



  4. (You can also add the CA certificate at this time)
  5. Click Save

Testing the HTTP Client

To test the HTTP client:

  1. Go to Manage Voyager > Discovery > HTTP Client
  2. Enter a secure URL in the Test panel



  3. Click Test

If the HTTP Client was configured correctly, you should see the Response Headers in the results section.

Enabling Client Certificate Authentication

The next step is to enable Client Certificate Authentication.

  1. Go to Manage Voyager > Security > Authentication



  2. Check the box next to Client Certificate and click Configure



  3. Enter the Private Key and Password
  4. You can also add a trusted certificate here
  5. Click Save

Adding the Certificate to a Browser

In order to use a certificate to authenticate against Voyager, you need to add the certificate to the browser being used to access Voyager.

To install a certificate:

  1. Open the browser settings (in this example, Chrome)



  2. Click Advanced
  3. Click Manage certificates



  4. Click Import and follow the wizard to import the certificate



  5. When you next open Voyager, it will request a certificate



  6. When the certificate is selected, Voyager will authenticate the user  

Generating certificates for testing

To generate certificates that you can use in testing and configuration:

  1. Download Easy RSA from https://github.com/OpenVPN/easy-rsa
  2. Edit the vars file modifying these values: 
    export KEY_COUNTRY="US"
    export KEY_PROVINCE="California"
    export KEY_CITY="Redlands"
    export KEY_ORG="Voyager Search"
    export KEY_EMAIL="pki@voyagersearch.com"
    export KEY_OU="IT"
    export KEY_NAME="Voyager Search"
  3. Execute those commands in the current shell 
    source ./vars
  4.  Clean or initialize the environment 
     ./clean-all
  5.  Generate the CA certificate 
     ./build-ca
  6.  Build the server key 
     ./build-key-server server1
  7.  Generate the Diffie-Hellman parameters 
     ./build-dh
  8.  Generate the client certificate 
     ./build-key client1
  9.  Convert the certificates to PKCS#12 
    openssl pkcs12 -export -inkey keys/client1.key -in keys/client1.crt -certfile keys/ca.crt -out keys/client1.p12
    openssl pkcs12 -export -inkey keys/server1.key -in keys/server1.crt -certfile keys/ca.crt -out keys/server1.p12
 

 

 

© Copyright 2017 Voyager Search

Web Design and Web Development by Buildable