Documents in -Public Key Infrastructure

WebADM Administrator Guide

1. Product Documentation This document is a configuration guide for RCDevs WebADM. The reader should notice that this document is not a guide for configuring WebADM applications (Web Services and WebApps). Specific application guides are available through the RCDevs online documentation library. WebADM installation and setup is not covered by this guide and is documented in the RCDevs WebADM Installation Guide. 2. Product Overview WebADM is a powerful Web-based LDAP administration software designed for professionals to manage LDAP Organization resources such as domain users and groups.

WebADM Installation Guide (Standalone and High Availability setup)

Product Documentation This document is an installation guide for WebADM Server in standalone and high availability mode. WebADM server is the main component to install and deploy OpenOTP in your environment. WebADM usage manual is not covered by this guide and is documented in the RCDevs WebADM Administrator Guide. Product Overview WebADM is a powerful Web-based LDAP administration software designed for professionals to manage LDAP Organization resources such as Domain Users and Groups.

WebADM As Subordinate Certificate Authority

1. Overview RCDevs’ suite offers a public key infrastructure service and that functionality is mandatory for the proper functioning of RCDevs solutions. The default setup is to make WebADM/Rsignd a standalone CA. In that scenario, you just need to follow the default WebADM setup. For customers which already have a CA in place and running, you can configure WebADM as a subordinate CA. This document will present you with how to configure WebADM as a subordinate certificate authority of your enterprise certificate authority.

MIRKey / eHSM devices configuration (Hardware Security Module)

Setup of MIRkey / eHSM devices to use with WebADM 1. Introduction This guide will lead you through the setup of one or preferably several (for load-balancing and fail-over purposes) eHSM / MIRkey to use hardware cryptography within WebADM, adding an extra layer of security to protect WebADM sensitive data. MIRKey HSMs required at least WebADM 2.0.17. 2. Download and install the ellipticSecure Device Manager Although it is possible to initialize and setup the eHSM or MIRkey using standard command-line pkcs11 tools, we recommend to use the ellipticSecure Device Manager GUI that allows the update of the firmware and to setup a backup domain allowing backups from one device to be restored to a different device, which is particulary useful for load-balancing across several HSMs and for disaster recovery purposes.

Smartcard HSM (Hardware Security Module)

Setup of SmartCard-HSM devices to use with WebADM 1. Introduction This guide will lead you through the setup of one or preferably several (for load-balancing and fail-over purposes) SmartCard-HSM to use hardware cryptography within WebADM, adding an extra layer of security to protect WebADM sensitives informations. All steps of the initialization, configuration and replication of the devices can be performed directly with standard command line tools directly on the server where WebADM is installed, except for the generation of an AES secret key that will be, as we write these lines, only exportable to another device if it has been generated properly through the Smart Card Shell GUI.

YubiHSM Configuration (Hardware Security Module)

1. Product Documentation This document describes how to configure correctly the Yubico YubiHSM and enable it through the WebADM setting, in order to provide both hardware level encryption and random seed generation (the strongest Enterprise security available) in your RCDevs product. WebADM only needs a subset of commands to work with the YubiHSM and the reader should notice that this document is not a guide describing all possible modes of operation provided by the device itself.

Trusted Certificate

1. How to Use my Own Trusted Certificate in WebADM During installation, WebADM generates its own certificate authority certificate and server SSL certificates. Yet, you can use your own SSL certificates instead of the pre-generated ones. Using a trusted certificate may be required when you use the RCDevs OpenID IDP, and to avoid user browser warnings when accessing the WebApps. Just create the SSL certificate and key files in /opt/webadm/pki/custom.crt and /opt/webadm/pki/custom.

EAP and Certificate based authentications

1. Overview This guide explains how to deploy certificate-based authentications for users and computers using 802.1x with RCDevs solutions. This solution can be applied to Wireless LAN / Wired LAN networks, RCDevs Web applications and also custom integrations like certificate-based authentication on your own website through OpenOTP APIs. It also describes how to implement EAP-TTLS authentication and certificate based authentication through OpenOTP APIs. All integrations require at least WebADM product installed and running.

Windows Credential Provider

Normal Login flow Simple Login flow Push Login flow 1. Product Documentation This document is an installation guide for the OpenOTP Credential Provider for Windows. Hence, the installation or configuration of WebADM, including token registration is not covered in this guide. For installation and usage guides to WebADM refer to the RCDevs WebADM Installation Guide and the RCDevs WebADM Administrator Guide available through the RCDevs online documentation Website. 2. Product Overview The OpenOTP Credential Provider for Windows is a component that integrates the RCDevs OpenOTP one-time password authentication into the Windows login process.