Appendix – Client Authentication

NVIDIA UFM-SDN Appliance User Manual v4.9.0


The client authentication feature allows a client certificate to be presented over secured connections (HTTPS) when using the UFM REST API, and allows a specific SAN (Subject Alternative Name) of the client certificate to be associated with a UFM user.

  1. Configure HTTPS access with UFM web client authentication using the command ufm web-client mode https-client-authentication

  2. Associate client certificate SAN with a UFM user using the command ufm web-client associate-user

  3. Set the server certificate hostname used to access the UFM web client using the command ufm web-client server-cert hostname

  4. Configure the automatic certificate refresh settings using the following commands:

    1. ufm web-client client-authentication cert-refresh self-client-cert fetch for supplying a bootstrap certificate file

    2. ufm web-client client-authentication cert-refresh ca-cert for setting a download URL for root/intermediate certificate

    3. ufm web-client client-authentication cert-refresh server-cert for setting a download URL for server and bootstrap certificates

    4. ufm web-client client-authentication cert-refresh enable for enabling UFM web client certificates auto-refresh

Notes:

  • You may refresh the server and root/intermediate certificates manually using the CLI command ufm web-client client-authentication cert-refresh run-now

  • Instead of using the automatic refresh, you may supply the server and root/intermediate certificates using the commands ufm web-client server-cert fetch and ufm web-client client-authentication ca-cert fetch

To review the settings, run the show ufm web-client command.

Example:


ufmapl [ mgmt-ha-active ] (config) # show ufm web-client
Mode: HTTPS
Client authentication: Yes

Bootstrap certificate file: Present
CA certificate file: Present
Server certificate file: Present

Server certificate hostname: ufm.mellanoxhpc.net

User Associations:
SAN: ufm.mellanoxhpc.net User: ufmsysadmin

Certificate Auto-refresh:
Enabled: Yes
CA certificate URL: https://mellanox.com/cacerts
Server certificate URL: https://mellanox.com/servercerts
Server certificate thumbprint: 6007A082F1342511021E75576E57A5F72AEF31EF
Last checked: 2019-10-17 09:15:20
Last update: 2019-10-17 09:15:20

Once all configurations are set, start the UFM service using the command ufm start.
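
The review of the show ufm web-client output can be scripted before the service is started. The following Python sketch is an added example, not part of the NVIDIA manual: it parses output in the layout of the example above and lists settings that deviate from it. The one-field-per-line layout, the function names and the seven-day staleness limit (max_age) are assumptions.

```python
import re
from datetime import datetime, timedelta

SAMPLE = """\
Mode: HTTPS
Client authentication: Yes
Bootstrap certificate file: Present
CA certificate file: Present
Server certificate file: Present
Server certificate hostname: ufm.mellanoxhpc.net
User Associations:
SAN: ufm.mellanoxhpc.net User: ufmsysadmin
Certificate Auto-refresh:
Enabled: Yes
CA certificate URL: https://mellanox.com/cacerts
Server certificate URL: https://mellanox.com/servercerts
Server certificate thumbprint: 6007A082F1342511021E75576E57A5F72AEF31EF
Last checked: 2019-10-17 09:15:20
Last update: 2019-10-17 09:15:20
"""  # values copied from the example output on this page

def parse(text):
    """Split the output into a settings dict and a list of (SAN, user) pairs."""
    settings, assoc = {}, []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"SAN:\s*(\S+)\s+User:\s*(\S+)", line)
        key, sep, value = line.partition(": ")  # URLs contain ':' but not ': '
        if m:
            assoc.append(m.groups())
        elif sep and value:  # skips the prompt line and bare section headers
            settings[key] = value.strip()
    return settings, assoc

def audit(text, now, max_age=timedelta(days=7)):  # max_age: assumed local policy
    """Return a list of findings; an empty list means every check passed."""
    s, assoc = parse(text)
    out = []
    if (s.get("Mode"), s.get("Client authentication")) != ("HTTPS", "Yes"):
        out.append("HTTPS client authentication is not active")
    out += [f"{n} certificate file not present" for n in ("Bootstrap", "CA", "Server")
            if s.get(f"{n} certificate file") != "Present"]
    if not assoc:
        out.append("no client certificate SAN is associated with a UFM user")
    if s.get("Enabled") == "Yes":  # the only 'Enabled' field is under Auto-refresh
        out += [f"{k} does not use https" for k in ("CA certificate URL", "Server certificate URL")
                if not s.get(k, "").lower().startswith("https://")]
        seen = s.get("Last checked", "")
        if not seen or now - datetime.strptime(seen, "%Y-%m-%d %H:%M:%S") > max_age:
            out.append("certificate auto-refresh has not checked recently")
    return out
```

Calling audit(SAMPLE, datetime.now()) on the page's 2019 sample reports only the stale auto-refresh check; feed it the captured output of your own appliance instead.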

© Copyright 2023, NVIDIA. Last updated on Sep 5, 2023.