
Question: How do client-side SSL certificates work in Monetra?
Answer:
In order to connect to an SSL-enabled server, the client must have an SSL certificate/key to connect and encrypt/decrypt the data. Monetra can either allow any SSL-enabled Monetra client to connect, or allow SSL access only from clients that possess a valid SSL certificate.
By creating your own CA (Certificate Authority) and signing client certificates, you can limit secure connections to only the clients you designate.
The following lines of prefs.conf control whether valid client certificates are required:
# Require client has a valid SSL certificate to connect
SSLCertRequired=no
# SSL CA file (required to validate a client's SSL certificate)
SSLCAFile=/etc/mcve/mycafile.pem
The Monetra command-line utilities mcvecli and mcveadmin accept the -C and -K command-line options, which specify the SSL cert/key file(s) used to connect to Monetra. If only one of the options is specified, it is assumed the file contains both the cert and key.
In the future, Monetra will allow the administrator to limit access to individual accounts based on the client certificate presented when connecting.
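One way to build the CA and a signed client certificate described above, using OpenSSL. This is an added example, not part of the original FAQ or Monetra's own tooling; the output directory layout, the subject names and every file name other than mycafile.pem are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: private CA plus one client certificate, built with OpenSSL.
# Subject names and file names are constructed for illustration.

make_client_ca() {
    # $1 = output directory (hypothetical layout)
    dir=$1
    mkdir -p "$dir" || return 1
    # 1. CA key and self-signed CA certificate. The certificate is the
    #    file that SSLCAFile in prefs.conf refers to.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Monetra Client CA" \
        -keyout "$dir/ca.key" -out "$dir/mycafile.pem" 2>/dev/null || return 1
    # 2. Client key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=example-client-01" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # 3. Sign the request with the CA key.
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/mycafile.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 365 \
        -out "$dir/client.crt" 2>/dev/null || return 1
    # 4. Combined cert+key file, the form expected when only one of
    #    -C / -K is passed to mcvecli or mcveadmin.
    cat "$dir/client.crt" "$dir/client.key" > "$dir/client.pem" || return 1
    # Private keys must not be readable by other users.
    chmod 600 "$dir/ca.key" "$dir/client.key" "$dir/client.pem"
}

# Returns 0 only if the client certificate chains to the given CA file,
# which is the check a server performs when client certificates are required.
client_cert_trusted() {
    # $1 = CA file, $2 = client certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Only mycafile.pem belongs on the Monetra server; ca.key should be kept offline, since anyone holding it can issue certificates the server will accept.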