TOTPRadius - Web Server and LDAPS certificates
The admin panel allows uploading different types of certificates. Navigate to "Web Server and LDAPS certificates" from the left menu
Management interface
The management interface of TOTPRadius is web based and is recommended to be accessed via HTTPS protocol (although HTTP is also supported and can be enabled if needed). In addition to the admin panel functionality, the web server is used for server replication (if configured in master/slave mode) and REST Web API (used for web-based integrations such as Citrix StoreFront self-enrollment, WordPress and ADFS plugins). Therefore, it is recommended to generate and apply the proper web server certificate for these interfaces. The appliance comes with a dummy self-signed certificate that is recommended to be replaced with your own. You can use a public certificate or a certificate issued by your internal CA (if the internal CA trust has been added to all your clients).To update the web certificate files, you need to navigate to Admin Portal -> Web Certificate page and paste the content of the private key and the certificate itself into the corresponding text areas in the Admin panel web certificate section.
VPN Interface
A similar procedure is required for updating the certificate of the VPN Portal running on the same appliance but a different port (9443). As this is the interface facing public internet (via 1:Many NAT from 443 to 9443), a commercial web certificate might be needed. You can also place the VPN portal behind a CDN that can provide the SSL certificate as a part of the service (i.e. Cloudflare).
Click on "Update certificates" button to apply the changes. The web server will need to be restarted to complete the process.
LDAPS CA Certificate
The same page allows uploading your CA Root certificates if you decide to use LDAPS protocol to connect to your LDAP servers. You can also use the built-in tool to retrieve the certificate from your LDAPS server.About
Installation and configuration
- Installation and initial configuration
- Network configuration
- Migrating from older versions
- LDAP Configuration
- Azure AD Configuration
- Self-service enrollment portal
- Web and LDAPS Certificates
- Syslog configuration
- Single-factor authentication exceptions
- Slave appliance mode
- Dynamic RADIUS Attributes
Integration guides
Blog
10-09-2024
Independent Public Security Review of Token2 PIN+ FIDO2 Security Keys
Compass Security Schweiz AG (Compass), a leading Swiss IT security firm, has conducted a comprehensive and independent public security review of the Token2 PIN+ FIDO2 Security Keys firmware.
04-09-2024
Update on EUCLEAK Vulnerability and Chip Security
We want to assure you that we do not use Infineon chips, which are affected by the EUCLEAK side-channel attack recently identified by NinjaLabs. This attack exploits a vulnerability related to the extended Euclidean algorithm (EEA) used in modular inversion.
24-05-2024
Reminder: Our management tools for FIDO2.1 Security Keys are Open Source!
Just a quick reminder: our FIDO2.1 Manager tool, your go-to solution for managing FIDO2 credentials securely, is fully open source! Both the Windows version, created with PowerShell, and a Linux (C++ and Python) version are available.