Appendix – Client Authentication
The client authentication feature allows a client certificate to be presented over secured connections (HTTPS) when using the UFM REST API, and associates a specific SAN (Subject Alternative Name) of the client certificate with a UFM user.
Configure HTTPS access with UFM web client authentication using the command
ufm web-client mode https-client-authentication
Associate client certificate SAN with a UFM user using the command
ufm web-client associate-user
Set a server certificate hostname used to access the UFM web client using the command
ufm web-client server-cert hostname
Configure certificates automatic refresh settings using the commands:
ufm web-client client-authentication cert-refresh self-client-cert fetch
for supplying a bootstrap certificate file
ufm web-client client-authentication cert-refresh ca-cert
for setting a download URL for root/intermediate certificate
ufm web-client client-authentication cert-refresh server-cert
for setting a download URL for server and bootstrap certificates
ufm web-client client-authentication cert-refresh enable
for enabling UFM web client certificates auto-refresh
Notes:
You may refresh the server and root/intermediate certificates manually using the CLI command
ufm web-client client-authentication cert-refresh run-now
Instead of using the automatic refresh, you may supply the server and root/intermediate certificates using the commands
ufm web-client server-cert fetch
and
ufm web-client client-authentication ca-cert fetch
In the Server section of the gv.cfg file, there is a configuration option for controlling the maximum request size when using client certificates:
max_ssl_request_size = 1572864
The maximum request size, specified in bytes, is set to a default value of 1,572,864 (1536 KB / 1.5 MB). If not explicitly defined, the system will default to Apache's value of 131,072 bytes (128 KB).
To review the settings, run the show ufm web-client command.
Example:
ufmapl [ mgmt-ha-active ] (config) # show ufm web-client
Mode: HTTPS
Client authentication: Yes
Bootstrap certificate file: Present
CA certificate file: Present
Server certificate file: Present
Server certificate hostname: ufm.mellanoxhpc.net
User Associations:
SAN: ufm.mellanoxhpc.net
User: ufmsysadmin
Certificate Auto-refresh:
Enabled: Yes
CA certificate URL: https://mellanox.com/cacerts
Server certificate URL: https://mellanox.com/servercerts
Server certificate thumbprint: 6007A082F1342511021E75576E57A5F72AEF31EF
Last checked: 2019-10-17 09:15:20
Last update: 2019-10-17 09:15:20
Once all configurations are set, start the UFM service using the command ufm start.
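Before associating a SAN with a UFM user, it helps to confirm which SAN entries the client certificate actually carries and to compute its thumbprint for comparison with the show ufm web-client output. The following is an added example, not part of the UFM documentation: it runs on a workstation with OpenSSL 1.1.1 or later, the function names, file names and example.test hostnames are constructed, and treating the thumbprint as a SHA-1 fingerprint is an assumption based on its 40 hex digits.

```shell
#!/bin/sh
# Added example, not part of the UFM documentation. Requires OpenSSL 1.1.1+.

# Print every SAN entry of a PEM certificate, one per line, as TYPE:value.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        sed 1d | tr ',' '\n' | sed -e 's/^ *//' -e '/^$/d'
}

# Succeed only if the certificate carries a SAN whose value equals $2 exactly
# (type prefix such as "DNS:" removed, whole-line match, no substring hits).
cert_has_san() {
    cert_sans "$1" | sed 's/^[^:]*://' | grep -Fxq -- "$2"
}

# SHA-1 fingerprint as 40 uppercase hex digits without colons.
# Assumption: this matches the "Server certificate thumbprint" format.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 |
        sed -e 's/^.*=//' -e 's/://g'
}

# Constructed sample: throwaway self-signed certificate with two DNS SANs.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -addext "subjectAltName=DNS:ufm-client.example.test,DNS:alt.example.test" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/client"
echo "SAN entries:"; cert_sans "$demo_dir/client.pem"
if cert_has_san "$demo_dir/client.pem" "ufm-client.example.test"; then
    echo "Expected SAN is present in the certificate"
fi
echo "Thumbprint: $(cert_thumbprint "$demo_dir/client.pem")"
rm -rf "$demo_dir"
```

A certificate with several SAN entries deserves a second look before the association is made, since the exact-match check shows that only the listed values, not substrings of them, identify the client.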