
(12.04.120) Device Communication Certificates in the IGEL UMS

In the section Device Communication, you can manage certificates for the communication between the IGEL Universal Management Suite (UMS) and the devices. The preconfigured certificate, which has the Keystore alias "tckey", is used by default if no changes are made.

You can set a different certificate as default; if you do so, all newly registered devices will use this certificate, and already registered devices will replace their previously used certificate with the new default certificate.

No Support

Certificate chains and expired certificates cannot be imported. Certificates that use the MD5 algorithm are also not supported.


Menu path: UMS Administration > Global Configuration > Certificate Management > Device Communication

At an interval of 5 minutes, the UMS checks whether the certificate on the device and the default certificate are still identical.

If a device does not support the default certificate, the UMS checks for each certificate whether it is supported, starting from the top of the list. The first one that matches the requirements will be used. If no certificate matches, the device is not registered.

If you select a certificate in the area Device Communication, all devices which use this certificate are shown in the area Devices which use the selected certificate (<number>).

High Availability

If you are running the UMS in a High Availability (HA) network, be aware that any change to certificates (import of a key pair, generation of a new key pair, deletion, activation/deactivation of a certificate, changes of a certificate's priority) automatically generates a new network token, and you will have to define a location in which the new network token should be stored. The changes are then automatically synchronized within the HA network, and no restart of the IGEL RMGUIServer/igelRMserver services is required.

Possible Actions

- Import a certificate from a file.
  The private key must be included in the file. The file path is provided under Keystore file and the import password is entered under Keystore password. The certificate's signature algorithm is checked. If the signature algorithm is not supported by the UMS, the certificate is not imported.

- Generate a new certificate.

- Delete the selected certificate.

- Move the selected certificate up in the list to increase its priority.

- Move the selected certificate down in the list to decrease its priority.

- Activate the selected certificate. When a certificate is activated, it can be used for communication between UMS and devices.

- Deactivate the selected certificate. A deactivated certificate will not be used when a new device is registered. If a certificate is deactivated while it is in use, communication between UMS and device is still possible. If only 1 certificate is active, this certificate cannot be deactivated.

- Export the selected certificate.

- Export the key pair of the selected certificate.

- Show the content of the selected certificate.
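
The import restrictions stated on this page (private key included in the file, no certificate chains, no expired certificates, no MD5) can be verified before the import is attempted. The script below is an added example, not part of the IGEL documentation or the UMS; it assumes the keystore file is in PKCS#12 format, that the openssl command-line tool is installed, and that the keystore password is exported as KS_PASS. The function name check_ums_keystore is hypothetical.

```shell
#!/bin/sh
# Pre-import check for a UMS device communication certificate (added example).
# Assumptions: the keystore is PKCS#12, the openssl CLI is installed, and the
# keystore password is exported as KS_PASS (kept off the command line so it
# does not appear in the process list).

check_ums_keystore() {
    ks=$1
    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; return 2; }

    # Dump all certificates in the keystore; fails on a wrong password or format.
    certs=$(openssl pkcs12 -in "$ks" -passin env:KS_PASS -nokeys 2>/dev/null) ||
        { echo "FAIL: cannot read $ks" >&2; return 2; }

    # The private key must be included in the file.
    # -nodes output goes only into the pipe; nothing is written to disk.
    openssl pkcs12 -in "$ks" -passin env:KS_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' ||
        { echo "FAIL: no private key in keystore" >&2; return 1; }

    # Certificate chains cannot be imported: expect exactly one certificate.
    count=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE' || true)
    [ "$count" -eq 1 ] ||
        { echo "FAIL: $count certificates found, expected 1" >&2; return 1; }

    # Expired certificates cannot be imported (-checkend 0 = "valid right now").
    printf '%s\n' "$certs" | openssl x509 -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired" >&2; return 1; }

    # MD5-based signature algorithms are not supported.
    if printf '%s\n' "$certs" | openssl x509 -noout -text |
        grep -qi 'Signature Algorithm: *md5'; then
        echo "FAIL: MD5 signature algorithm" >&2; return 1
    fi

    echo "OK: $ks passed the pre-import checks"
}

# Run the check when a keystore path is given as the first argument.
if [ "$#" -ge 1 ]; then check_ums_keystore "$1"; fi
```

The UMS performs its own signature algorithm check on import, so a keystore that passes here can still be rejected if its algorithm is otherwise unsupported.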