Appendix – Client Authentication
The client authentication feature lets a client present a client certificate over secured (HTTPS) connections when using the UFM REST API, and associates a specific SAN (Subject Alternative Name) of the client certificate with a UFM user.
- Configure HTTPS access with UFM web client authentication using the command ufm web-client mode https-client-authentication
- Associate a client certificate SAN with a UFM user using the command ufm web-client associate-user
- Set the server certificate hostname used to access the UFM web client using the command ufm web-client server-cert hostname
- Configure the automatic certificate refresh settings using the commands:
  - ufm web-client client-authentication cert-refresh self-client-cert fetch for supplying a bootstrap certificate file
  - ufm web-client client-authentication cert-refresh ca-cert for setting a download URL for the root/intermediate certificate
  - ufm web-client client-authentication cert-refresh server-cert for setting a download URL for the server and bootstrap certificates
  - ufm web-client client-authentication cert-refresh enable for enabling UFM web client certificate auto-refresh
 
Notes:
- You may refresh the server and root/intermediate certificates manually using the CLI command ufm web-client client-authentication cert-refresh run-now 
- Instead of using the automatic refresh, you may supply the server and root/intermediate certificates using the commands ufm web-client server-cert fetch and ufm web-client client-authentication ca-cert fetch 
To review the settings, run the show ufm web-client command.
Example:
            
ufmapl [ mgmt-ha-active ] (config) # show ufm web-client
  Mode: HTTPS
  Client authentication: Yes
 
  Bootstrap certificate file: Present
  CA certificate file: Present
  Server certificate file: Present
 
  Server certificate hostname: ufm.mellanoxhpc.net
 
  User Associations:
    SAN:  ufm.mellanoxhpc.net
    User: ufmsysadmin
 
  Certificate Auto-refresh:
    Enabled: Yes
    CA certificate URL: https://mellanox.com/cacerts
    Server certificate URL: https://mellanox.com/servercerts
    Server certificate thumbprint: 6007A082F1342511021E75576E57A5F72AEF31EF
    Last checked: 2019-10-17 09:15:20
    Last update: 2019-10-17 09:15:20
    
Once all configurations are set, start the UFM service using the command ufm start.
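One way to check the reviewed settings before starting the service, as an added example that is not part of the UFM documentation: it parses the show ufm web-client output above and lists weak or stale settings. The expected values are the ones shown in that output; the https-only URL rule, the 7-day max_age and the function names are assumptions of this example.

```python
from datetime import datetime, timedelta
# Abridged copy of the `show ufm web-client` example output on this page.
SAMPLE = """\
  Mode: HTTPS
  Client authentication: Yes
  Bootstrap certificate file: Present
  CA certificate file: Present
  Server certificate file: Present
  User Associations:
    SAN:  ufm.mellanoxhpc.net
    User: ufmsysadmin
  Certificate Auto-refresh:
    Enabled: Yes
    CA certificate URL: https://mellanox.com/cacerts
    Server certificate URL: https://mellanox.com/servercerts
    Last checked: 2019-10-17 09:15:20
"""

def parse_show(text):
    """Return (settings, {SAN: user}) parsed from the CLI output."""
    settings, pairs, section = {}, [], ""
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:                  # blank line or the CLI prompt line
            continue
        if not value:                # section header such as "User Associations:"
            section = key + "/"
        elif section == "User Associations/":
            pairs.append(value)      # a SAN line followed by its User line
        else:
            settings[section + key] = value
    return settings, dict(zip(pairs[::2], pairs[1::2]))

def audit(text, now, max_age=timedelta(days=7)):
    """Return a list of findings; empty means every check passed."""
    s, users = parse_show(text)
    ar = "Certificate Auto-refresh/"
    checks = [(s.get("Mode") == "HTTPS", "mode is not HTTPS"),
              (s.get("Client authentication") == "Yes", "client authentication is off"),
              (bool(users), "no SAN is associated with a UFM user")]
    checks += [(s.get(n + " certificate file") == "Present", n + " certificate file missing")
               for n in ("Bootstrap", "CA", "Server")]
    if s.get(ar + "Enabled") == "Yes":   # auto-refresh is optional on this page
        checks += [(s.get(ar + u, "").startswith("https://"), u + " is not https")
                   for u in ("CA certificate URL", "Server certificate URL")]
        last = s.get(ar + "Last checked")  # assumed to be in the same clock as `now`
        fresh = last and now - datetime.strptime(last, "%Y-%m-%d %H:%M:%S") <= max_age
        checks.append((fresh, "auto-refresh has not run within max_age"))
    return [msg for ok, msg in checks if not ok]
```

Call audit() with the captured CLI output and the current time; a stale "Last checked" value is the signal that auto-refresh has stopped running and the certificates may expire unnoticed.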