Appendix – Client Authentication
The client authentication feature enables providing a client certificate over secured connections (HTTPS) when using the UFM REST API, and associating a specific SAN (Subject Alternative Name) of the client certificate with a UFM user.
Configure HTTPS access with UFM web client authentication using the command ufm web-client mode https-client-authentication
Associate client certificate SAN with a UFM user using the command ufm web-client associate-user
Set a server certificate hostname used to access the UFM web client using the command ufm web-client server-cert hostname
Configure the automatic certificate refresh settings using the commands:
  ufm web-client client-authentication cert-refresh self-client-cert fetch for supplying a bootstrap certificate file
  ufm web-client client-authentication cert-refresh ca-cert for setting a download URL for the root/intermediate certificate
  ufm web-client client-authentication cert-refresh server-cert for setting a download URL for the server and bootstrap certificates
  ufm web-client client-authentication cert-refresh enable for enabling automatic refresh of the UFM web client certificates
Notes:
You may refresh the server and root/intermediate certificates manually using the CLI command ufm web-client client-authentication cert-refresh run-now.
Instead of using the automatic refresh, you may supply the server and root/intermediate certificates using the commands ufm web-client server-cert fetch and ufm web-client client-authentication ca-cert fetch.
To review the settings, run the show ufm web-client command.
Example:
ufmapl [ mgmt-ha-active ] (config) # show ufm web-client
Mode: HTTPS
Client authentication: Yes
Bootstrap certificate file: Present
CA certificate file: Present
Server certificate file: Present
Server certificate hostname: ufm.mellanoxhpc.net
User Associations:
  SAN: ufm.mellanoxhpc.net
  User: ufmsysadmin
Certificate Auto-refresh:
  Enabled: Yes
  CA certificate URL: https://mellanox.com/cacerts
  Server certificate URL: https://mellanox.com/servercerts
  Server certificate thumbprint: 6007A082F1342511021E75576E57A5F72AEF31EF
  Last checked: 2019-10-17 09:15:20
  Last update: 2019-10-17 09:15:20
Once all configurations are set, start the UFM service using the command ufm start.