Certification

Certification is the first step in securing a system. You can use the Certificate Manager to create certificates that authorize user entry. Each user must have a certificate.

Each certificate consists of these related files:

  • Public certificate file
  • Private key file
Note: To obtain these files, go to the Infor Support Portal or Concierge and create a case to have the certificate files generated for you. Provide the name in which the certificates must be generated. A security upgrade can be completed only if these two files have been copied to your computer.

The private key file is accessed only by specifying a password, which must be issued to the user that is identified by the certificate.

Certification begins with a CA or Certificate Authority. This is the entity that issues certificates and vouches for the information they contain. Infor is the ultimate CA for the system, which in turn makes your organization a CA when you install advanced security.

To make your organization a CA, Infor gives it a unique CA public certificate file and a unique CA private key file. A CA password is also given that must be specified during Advanced Security setup.

As the security administrator, you require the CA password so that you can use the CA private key file to access the Certificate Manager.

The security administrator must ensure that the correct files are copied to the correct clients, and that the correct user receives the correct password.

Note: The effectiveness of certification depends on the security of the underlying operating system. Each user must have a unique log-in for any machine that runs a client. Any user who has command-line access to a Host Server must also have a unique log-in for that host machine. If users are permitted to share log-ins at the operating system level, then they can impersonate each other and subvert certification.

Selecting Options > Edit Default Certificate Info opens the Edit Default Certificate Info dialog box, which is similar to the Issue Certificate dialog box. This information is used to pre-populate the user information and expiration date in the certificate issuing process.