Certificates
Certification is the first step in securing a system. Each user must have a certificate to authenticate access to the system. Each certificate consists of two related files: a public certificate file and a private key file. The private key file can only be accessed by specifying a password, which must be issued to the user who is identified by the certificate.
Certification begins with a Certificate Authority (CA). This is the entity that issues certificates and vouches for the information that they contain. Infor is the ultimate CA for a system. All system certificates must be generated from within the system and reference Infor as the ultimate CA. Certificates from other CAs, such as Verisign, are not recognized.
Infor issues customer CA certificates to organizations that purchase the system with basic and advanced security.
The customer CA certificate makes the purchasing organization a CA and empowers it to issue its own user certificates and server certificates.
User certificates, also known as client certificates, are copied to computer systems that run clients. The associated passwords are given to the users of those computer systems.
Server certificates are set up during installation of host servers and the security server. After that, they are invoked automatically, without user intervention, whenever the requirement arises.
Infor gives the organization a unique CA public certificate file, a unique CA private key file, and a CA password. These are specified during security setup. That same CA password is given to the security administrator to authenticate access to Certificate Manager.
When a user logs on to a GUI, certificates are used to establish two SSL connections. The first one is between a client and a host server, and the second is between that host server and the security server.
The system verifies that the user certificate is one that was issued by the customer CA. It also verifies that the customer CA certificate is one that was issued by the Infor CA.
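The two checks described above can be reproduced with the openssl command-line tool. This is an added example, not part of the product or its Certificate Manager: the CA names (vendor-root, customer-ca, other-root) and the users (alice, mallory) are constructed stand-ins, and it assumes OpenSSL 1.1.0 or later is on the PATH.

```shell
#!/bin/sh
# Added example: every name, subject and file here is constructed for the demo.
set -e
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n' > "$W/req.cnf"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/ca.ext"
printf 'basicConstraints=critical,CA:FALSE\n' > "$W/user.ext"

# new_csr NAME: fresh private key plus a signing request for CN=NAME
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$W/req.cnf" -subj "/CN=$1" \
        -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}
# self_sign NAME: create a self-signed root CA certificate for NAME
self_sign() {
    new_csr "$1"
    openssl x509 -req -in "$W/$1.csr" -signkey "$W/$1.key" -days 1 \
        -extfile "$W/ca.ext" -out "$W/$1.pem" 2>/dev/null
}
# issue NAME ISSUER KIND: ISSUER's private key signs NAME's request (KIND is ca or user)
issue() {
    new_csr "$1"
    openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.pem" -CAkey "$W/$2.key" -set_serial 1 \
        -days 1 -extfile "$W/$3.ext" -out "$W/$1.pem" 2>/dev/null
}
# chain_ok CERT: true only if CERT was issued by the customer CA and the
# customer CA certificate was issued by the vendor root (the only trust anchor)
chain_ok() {
    openssl verify -CAfile "$W/vendor-root.pem" -untrusted "$W/customer-ca.pem" \
        "$1" >/dev/null 2>&1
}

self_sign vendor-root                 # stand-in for the vendor's ultimate CA
issue customer-ca vendor-root ca      # customer CA certificate issued by the vendor
issue alice customer-ca user          # user certificate issued by the customer CA
self_sign other-root                  # an unrelated CA the system does not recognize
issue mallory other-root user         # user certificate issued by that other CA

for who in alice mallory; do
    if chain_ok "$W/$who.pem"; then echo "$who: accepted"; else echo "$who: rejected"; fi
done
```

Only the vendor root is passed as a trust anchor; the customer CA certificate is supplied as an untrusted intermediate, so it is accepted only because the vendor root signed it.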
After the login is complete, the user is granted the permissions that are associated with the user certificate.
The security administrator must safeguard the private key file. Public certificate files and public key files may be exchanged freely, but exchanging a private key file with anyone can compromise an SSL-secured connection. Therefore, Infor never distributes its CA private key file.