Idea Details

Simplify SSL Application Between RA Components

Last activity 02-03-2018 07:15 PM
Anon
07-12-2015 11:35 AM

A lot of customers are reporting problems when trying to apply SSL communication between different RA components.

The reason is that the current procedure requires a lot of manual tinkering which leaves a lot of room for user error.

The manual process is very mechanical and doesn't require any human-based decision making, but it does require a rudimentary understanding of the certification process, which some customers do not have, and this causes much frustration and trial-and-error on the customer's side.

 

We need to simplify this feature.

 

Much like the import/export screen, for example, a possible solution is that after the customer creates and signs the certificates (which should be done by their security teams), all the customer has to do is click a button and be taken to a wizard that asks him to point out the certificate files' location, put in the passwords for truststore/keystore, and the rest will be done automatically (alterations to RA configuration files, encryption of passwords, etc.).


Comments

02-03-2018 07:07 PM

Trust relation between NAC, NES, NEXUS servers may be made more simple, if possible via Web interface. Security between external systems like LDAP/AD and configuring HTTPS for the NAC may be added to the same configuration and same location for storing certificates.

07-21-2017 11:49 AM

"3: Any upgrade should not override the existing certs configuration." - this is very important and much needed

08-12-2016 03:36 AM

Hi There,

I think this is very much needed and hope to see this in the next release of RA.

 

Thank You

Sachin

07-24-2015 09:19 AM

Any upgrade should not break existing SSL configuration

07-15-2015 12:24 PM

One potential solution that I've heard for this problem (it was not my idea) is to pre-load the product with an application that would automatically apply SSL when you deploy it. You'd just have to provide the certificates and set up the application/environment with the correct information. Not quite an automated, one-click UI, but way better than what we have now.

07-15-2015 11:09 AM

We are working on a doc update for this that should help in the interim. But yes, would be much better if this were simplified.

07-15-2015 10:30 AM

Can I vote for this 100 times?

 

We should be able to load certs, and implement SSL communications between the various components directly from the UI.....

07-13-2015 04:41 AM

Adding my little pie

 

Customer wanted a very simple product feature with some characteristics below.

1: Centralized Certificate manager built in ROC/ASAP Administration

2: On import/load of certs it should validate if the certificate is as per allowed cert requirements, as we have seen that certs with explicit filters like key extension and key-usage don't work in NES and NAG.

3: Any upgrade should not override the existing certs configuration.

4: Ideally only one cert to be used to secure all components of RA, it's very hard in large environments with 20 + NES and 100 thousands of Agents.

 

-Saurabh

07-13-2015 01:49 AM

Also, the process should remain intact when upgrading to higher versions