A new Trusted Manager object is added for each Manager imported into the system. It contains both the CA certificate and the contact information for the Manager. Administrators can edit any information associated with the Trusted Manager except its name: Trusted Managers are named after the fully qualified domain name of the Manager from which they were exported.
The Administration>Trusts>Managers view is composed of the following administrative actions:
To modify properties, click the Edit button from the action bar.
To edit contact information associated with a Trusted Manager, in the Contact Information tab, update the information in the appropriate prompt and click OK.
Access permissions allow administrators to associate users and groups with selected types of privileges. For information on enabling permissions, see Understanding Users.
When you delete a Trusted Manager from the system, you are prompted to remove the Trusted Manager's CA certificate from the agents to which it has been assigned. Deleting a Trusted Manager does not delete the organization and agents associated with it.
To delete a Trusted Manager:
To remove a trust from an agent:
Root Certificates are certificates imported from other sources. Local Certificates are agent certificates installed from the selected Manager. The Multi-Manager and Third-Party Certificates pages display the third-party and multi-manager certificates added to Signiant, and include information such as when certificates expire, when they were revoked and when they were issued. Click the drop-down arrow beside each column to choose which columns appear and to filter the information that appears in them. For example, you can filter the Expiry Date field so that only certificates that expire before, after or on a certain date appear. You can also remove this column entirely from the display by choosing Column and clearing the check beside it. From this screen you can also add, edit, delete and export root certificates, or install keys, revoke certificates, download the certificate revocation list (CRL) or change the CA passphrase for local certificates.
The Administration>Trusts>Root Certificates view is composed of the following administrative actions:
To add or edit a third-party or multi-manager certificate:
You can delete only third-party certificates, not certificates added as part of a multi-manager import (because these are tied to another Manager). Deleting a third-party certificate here does not remove it from the agents to which it has been applied.
To delete a third-party certificate:
To export a third-party or multi-manager certificate:
The Local Certificates page displays the certificates of agents installed from the Manager. Administrators can filter each column to create a view of agents by name, by organization, by whether their certificates expire before, after or on a certain date, or by status, revocation/issue date or serial number.
To manage local certificates:
The CA (Certificate Authority) Admin Passphrase is used to perform CA administrative functions (for example, requesting installation keys). The first time you use any CA function during a session, you are prompted for the CA Admin Passphrase. The passphrase is then cached, so you do not have to retype it for other tasks that require the CA Passphrase during the existing session. Once you log out of the Web UI, the passphrase is no longer cached, and you must retype it the next time you log on and wish to complete a task that requires the passphrase.
Note: The passphrase must be at least seven characters. If you change the passphrase, make sure you record it in a safe place. If you lose this information, it cannot be recovered and you will have to re-install the Manager.
To change the CA Admin Passphrase:
Installation keys are for one-time use at installation time. They allow administrators to control the number of agents to be installed. Installation keys are associated with an organization. When you request an installation key, the Certificate Authority on the Manager returns a list of valid installation keys, which you can use to install agents, or give to users to install them. The number of keys available to an organization is based on the maximum number of agents associated with an organization. By default, keys are valid for five days. You can make them valid for up to 30 days by editing the Authentication (Installation) Key Life Span (days) field in the Certificate & Key Properties screen. You can also make an organization keyless, allowing for agents to be installed against that organization without requiring keys.
When you request installation keys, you can choose to generate the number of remaining keys without invalidating any existing, unused keys, or you can choose to generate new keys and invalidate all previously-generated installation keys. If you choose to invalidate all previously-generated keys, a user who has an unused installation key will need to get a new one in order to install an agent. You cannot generate installation keys for organizations that are keyless.
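The key rules described above (one-time use, a default five-day life span, optional invalidation of unused keys, keyless organizations) as a small Python model. This is an added illustration, not Signiant code; the `Organization` class, its method names, and the choice to count unexpired unused keys against the remaining allowance are assumptions.

```python
import secrets
from datetime import timedelta

DEFAULT_LIFESPAN_DAYS = 5   # page: keys are valid for five days by default
MAX_LIFESPAN_DAYS = 30      # page: life span can be raised to 30 days


class Organization:
    """Hypothetical model of one organization's installation-key pool."""

    def __init__(self, max_agents, keyless=False,
                 lifespan_days=DEFAULT_LIFESPAN_DAYS):
        if not 1 <= lifespan_days <= MAX_LIFESPAN_DAYS:
            raise ValueError("key life span must be between 1 and 30 days")
        self.max_agents = max_agents
        self.keyless = keyless
        self.lifespan = timedelta(days=lifespan_days)
        self.installed = 0
        self.keys = {}  # unused key -> expiry time

    def request_keys(self, now, invalidate_existing=False):
        """Generate keys for the organization's remaining agent slots."""
        if self.keyless:
            raise ValueError("cannot generate keys for a keyless organization")
        if invalidate_existing:
            self.keys.clear()  # every previously issued, unused key is now dead
        # Assumption: unexpired unused keys count against the allowance.
        live = sum(1 for expiry in self.keys.values() if expiry > now)
        remaining = self.max_agents - self.installed - live
        new_keys = [secrets.token_hex(8) for _ in range(max(remaining, 0))]
        for key in new_keys:
            self.keys[key] = now + self.lifespan
        return new_keys

    def install_agent(self, now, key=None):
        """Return True if the install is accepted; a key is consumed on use."""
        if self.installed >= self.max_agents:
            return False
        if not self.keyless:
            expiry = self.keys.pop(key, None)  # pop enforces one-time use
            if expiry is None or expiry <= now:
                return False  # unknown, already used, invalidated or expired
        self.installed += 1
        return True
```
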
To retrieve a list of installation keys:
Revoking an agent's certificate does not remove the agent software from the agent. Once you revoke an agent's certificate, the only way the agent can take part in transfers again is if it is re-installed. You can also revoke the certificate of an agent imported as part of a Multi-Manager configuration. Revoking an agent's certificate is irreversible.
To revoke an agent's certificate: