Client SSL Integration Guide




Client SSL Integration Guide Version 8.2 December 15, 2015 For the most recent version of this document, visit our documentation website.

Table of Contents

1 Client SSL integration overview
2 System requirements
3 Certificate authorities
   3.1 Certificate authority general guidelines
4 Configuring the Relativity website for client SSL
5 Configuring Relativity user information with client SSL
6 Log in to Relativity with a certificate
7 Client SSL integration troubleshooting
   7.1 Invalid credentials
   7.2 Certificate not found on client
8 Server certificates

1 Client SSL integration overview

Relativity allows you to integrate with Client SSL (Secure Sockets Layer). Certificates are digital identification documents that allow both servers and clients to authenticate each other. If you want the server and client browser to set up an SSL connection over which encrypted information can be sent, certificates are required. These credentials grant users secure access to the system.

Note: The Relativity login page serves as a repository for login credentials, i.e., no Client SSL-related dialogs will appear during the login process.

2 System requirements

Certificate-based SSL features in IIS consist of a server certificate, a client certificate, and various digital keys. You can obtain certificates through Microsoft Certificate Services or from a mutually trusted certification authority (CA). Client SSL integration with Relativity requires the following:

- Working installation of Relativity
- Valid server certificate configured on web server hosting Relativity

- IIS configured to require certificates for the Relativity web site over an HTTPS binding
- Digital certificate issued to any client computer accessing Relativity

3 Certificate authorities

You can obtain certificates through Microsoft Certificate Services or from a mutually trusted certification authority (CA). The primary responsibility of a CA is to confirm the identity of a party seeking a certificate. Identity confirmation ensures the validity of the identification information contained in a certificate.

Note: If you do not issue your server certificate(s) through Microsoft Certificate Services, a third-party certification authority must approve your request and issue your server certificate.

3.1 Certificate authority general guidelines

Before issuing a certificate, a CA requires you to provide identification information such as:

- Name
- Address
- Organization

A CA may correctly verify the identity of a certificate owner. However, the CA cannot provide conclusive proof of the identity, trustworthiness, or intentions of the user or servers.

4 Configuring the Relativity website for client SSL

The web server hosting Relativity requires a valid HTTPS binding, which in turn requires a valid server certificate. With a server certificate in place, the Relativity virtual directory must accept client certificates. Configure Client SSL in IIS with the following steps:

1. Open IIS Manager.
2. Navigate to the Relativity virtual directory and select Relativity.
3. Double-click SSL Settings.
4. Select Require SSL.
5. Select Accept or Require under Client certificates.

   Accept - the web server accepts client certificates and verifies client identity in order to allow or deny client access to content.
   Require - the web server requires that certificates verify client identity in order to allow client access to content.
6. Click Apply in the Actions pane.

5 Configuring Relativity user information with client SSL

Within Relativity, Client SSL authentication is configured on a user level. To associate a Relativity user with a digital certificate:

1. Log in to Relativity using admin credentials.
   Note: End user computers must have a valid client digital certificate from a trusted certificate authority or they will not be able to reach the Relativity login page (403 Forbidden message appears instead).
2. Select the Users tab.
3. Click the Edit hyperlink next to an existing user.
4. In the Email Address field, the email address specified must match the email address in the Subject Email of the issued certificate.
5. In the User Information field, set the Authentication Data field to clientsslcertification: followed by the computer name of the issuer of the client certificate. This information provides Relativity with the associative link it needs to connect to the digital certificate (e.g., clientsslcertification:issurercn). For example, if the issuer of the trusted certificate was kcura-chiprodcs01-ca, the Authentication Data field would read, clientsslcertification: kcura-chiprodcs01-ca. The issuer name may contain spaces.

6 Log in to Relativity with a certificate

Once Relativity user information has been configured with Client SSL, users are able to log in with the following credentials:

- A valid Relativity account user name (email address)
- A valid Relativity account password

- A valid client certificate

A typical client certificate contains identification information about a user and the organization that issued the certificate, as well as a public key. Relativity uses client certificate authentication, along with SSL encryption, to verify the identity of users by the login page. Relativity first checks that a valid certificate has been sent from the client and then authenticates the username and password.

Relativity checks the following criteria to verify the validity of a certificate in the order listed:

- Certificate contains a Subject field with the value of E=email address where email address matches the email address for the user in Relativity
- Certificate contains an Issuer field with the value of CN=issuer computer name where issuer computer name matches the authentication data for the user in Relativity
- User is logging in on a date within the Valid from and Valid to fields in the certificate

The web browser automatically sends the certificate to Relativity if the following criteria have been met:

- Certificate is installed in the certificate store on the user's computer
- Certificate has an intended purpose of Client Authentication
- Relativity web site has been set up to accept or require certificates in IIS SSL Settings

7 Client SSL integration troubleshooting

7.1 Invalid credentials

If a user receives an Invalid Credentials message upon login, query the Details column in the AuditRecord table of the EDDS database for any of the following Client SSL error messages:

- Certificate was not found on client (this message indicates the certificate was not installed on the client computer or the certificate is not for Client Authentication)
- Certificate email address does not match email address used to log in
- Certificate issuer name and user's AuthenticationData field do not match
- Certificate is either expired or not yet valid

SQL Query for AuditRecord table:

    -- Client SSL audit messages recorded for one user
    SELECT [Details], [Action]
    FROM [AuditRecord] ar
    INNER JOIN [User] u ON ar.userid = u.artifactid
    WHERE u.emailaddress = 'user@domain.com'
      AND ar.[details] LIKE '%Certificate%'

Note: Replace 'user@domain.com' with the user's email address as it exists in Relativity.
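The certificate criteria from section 6 and the audit messages from section 7.1 can be rehearsed on the client before a login attempt. The PowerShell below is an added example, not Relativity code: it models the documented checks in the documented order and returns the matching audit message. The function names, the 'OK' result, the case-insensitive comparison, and the whitespace trimming are assumptions.

```powershell
# Added example (not Relativity code): models the documented certificate checks.
# Assumptions: case-insensitive comparison, whitespace trimmed, EKU listed explicitly.
function Get-RdnValue {
    param([string]$DistinguishedName, [string]$Key)
    # Simple lookup of one RDN; does not handle quoted values containing commas.
    if ($DistinguishedName -match "(?:^|,\s*)$Key=([^,]+)") { return $Matches[1].Trim() }
    return $null
}

function Test-RelativityClientCert {
    param(
        $Certificate,                  # X509Certificate2 or object with the same properties
        [string]$UserEmail,            # Email Address of the Relativity user
        [string]$AuthenticationData,   # e.g. 'clientsslcertification: kcura-chiprodcs01-ca'
        [datetime]$Now = (Get-Date)
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication intended purpose
    if (-not $Certificate -or
        $Certificate.EnhancedKeyUsageList.ObjectId -notcontains $clientAuthOid) {
        return 'Certificate was not found on client'
    }
    if ((Get-RdnValue $Certificate.Subject 'E') -ne $UserEmail.Trim()) {
        return 'Certificate email address does not match email address used to log in'
    }
    $expectedIssuer = ($AuthenticationData -replace '^\s*clientsslcertification:', '').Trim()
    if ((Get-RdnValue $Certificate.Issuer 'CN') -ne $expectedIssuer) {
        return "Certificate issuer name and user's AuthenticationData field do not match"
    }
    if ($Now -lt $Certificate.NotBefore -or $Now -gt $Certificate.NotAfter) {
        return 'Certificate is either expired or not yet valid'
    }
    return 'OK'
}

# Constructed sample standing in for one entry of Cert:\CurrentUser\My.
$sample = [pscustomobject]@{
    Subject              = 'E=user@domain.com, CN=Sample User'
    Issuer               = 'CN=kcura-chiprodcs01-ca, DC=example'
    NotBefore            = [datetime]'2015-01-01'
    NotAfter             = [datetime]'2016-01-01'
    EnhancedKeyUsageList = @([pscustomobject]@{ ObjectId = '1.3.6.1.5.5.7.3.2' })
}
$authData = 'clientsslcertification: kcura-chiprodcs01-ca'
Test-RelativityClientCert $sample 'user@domain.com' $authData ([datetime]'2015-12-15')
Test-RelativityClientCert $sample 'other@domain.com' $authData ([datetime]'2015-12-15')
Test-RelativityClientCert $sample 'user@domain.com' $authData ([datetime]'2016-06-01')
```

To check installed certificates instead of the sample, pass each entry returned by `Get-ChildItem Cert:\CurrentUser\My` as the first argument.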

7.2 Certificate not found on client

To ensure the client sends the client certificate to the Relativity web server, disable the Don't Prompt for Client Certificate option in Internet Explorer. To disable this option:

1. Open Internet Explorer on the user's computer.
2. Open the Relativity login page in Internet Explorer.
3. Verify the security zone used by Internet Explorer in the browser Status Bar.
4. Open Internet Options from the Tools menu.
5. Select the Security tab.
6. Select the security zone used by Internet Explorer for Relativity.
7. Click the Custom Level button.
8. Under the Miscellaneous section in Security Settings, select Disable for the Don't prompt for client certificate selection when only one certificate exists.

After disabling this option, try to log in to Relativity again. If you are not prompted for your client certificate, then Internet Explorer is unable to find a valid certificate marked for client authentication. The certificate is sent as part of the SSL handshake, a process that occurs outside of Relativity.

8 Server certificates

Server certificates provide a way for users to confirm the identity of the Relativity web site before they transmit login information. A server certificate contains detailed identification information, such as the name of the organization affiliated with the server content, the name of the organization that issued the certificate, and a public key used to establish an encrypted connection. This information assures users of the authenticity of web server content and the integrity of the SSL-secured connection.

Proprietary Rights

This documentation ("Documentation") and the software to which it relates ("Software") belongs to kCura LLC and/or kCura's third party software vendors. kCura grants written license agreements which contain restrictions. All parties accessing the Documentation or Software must: respect proprietary rights of kCura and third parties; comply with your organization's license agreement, including but not limited to license restrictions on use, copying, modifications, reverse engineering, and derivative products; and refrain from any misuse or misappropriation of this Documentation or Software in whole or in part. The Software and Documentation is protected by the Copyright Act of 1976, as amended, and the Software code is protected by the Illinois Trade Secrets Act. Violations can involve substantial civil liabilities, exemplary damages, and criminal penalties, including fines and possible imprisonment.

© 2015. kCura LLC. All rights reserved. Relativity and kCura are registered trademarks of kCura LLC.