Managing X509 certificates

What is an X509 certificate?

An X509 certificate is a digital document that certifies that a certain public key is owned by a particular user. This document is endorsed by a third party called a certificate authority (CA). A user who has a valid certificate can use it to access secure web resources, such as the site.

Certificates work in this sequence:

  1. The client sends the user certificate (which includes the user's public key) to the server.
  2. The server uses the CA certificate to check that the user's certificate is valid.
  3. The server uses the user certificate to check from its mapping files whether login is allowed.
  4. If login is allowed, the user logs in normally.

Getting a certificate

The user must request an X509 certificate from a commercial certificate authority (CA) such as Verisign, or from a CA operated by their own organization. Consult your project management authorities for information about how your organization generates and assigns certificates.

Adding a user certificate

When a user requests certificate access, you can add that user's X509 certificate to the site. Follow these steps:

  1. Get the user's X509 certificate information.
  2. Click the Administration tab.
  3. In the left navigation bar, click Certificate management.
  4. On the Certificate management screen, select Domain certified users or Host certified users.
    • If the user can manage all projects within this domain, select Domain certified users.
    • If the user can manage the machine hosting this domain, select Host certified users.
  5. Click Add user certification.
  6. Enter the user name of the user.
  7. In the Distinguished name field, enter a comma-separated list of name-value pairs that describes the user's certificate.

    For example, the following could be a distinguished name:

    O=CollabNet/OU=Entertainment Department/CN=John Doe/
  8. Click Create user certification.
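
The sketch below is an added example, not CollabNet's own code. It shows how a server could carry out the mapping check in step 3 of the sequence above: it matches every component of a presented distinguished name against the registered records, so a certificate that shares only the CN with a registered user is rejected. The function names, the slash-separated parsing rules (taken from the example DN above), the exact-match policy and the user name jdoe are assumptions.

```python
# Added illustration: a hypothetical DN-to-user mapping check (step 3 of the
# sequence). Function names and the sample mapping are assumptions.

def parse_dn(dn):
    """Parse 'O=CollabNet/OU=.../CN=John Doe/' into ((ATTR, value), ...)."""
    pairs = []
    for part in dn.strip().split("/"):
        part = part.strip()
        if not part:  # a leading or trailing "/" produces an empty component
            continue
        name, sep, value = part.partition("=")
        name, value = name.strip().upper(), value.strip()
        if not sep or not name or not value:
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((name, value))
    if not pairs:
        raise ValueError("empty distinguished name")
    return tuple(pairs)


def build_index(mapping):
    """Turn {user name: DN string} into {parsed DN: user name}."""
    index = {}
    for user, dn in mapping.items():
        key = parse_dn(dn)
        if key in index:  # one DN must never map to two accounts
            raise ValueError(f"DN registered for both {index[key]!r} and {user!r}")
        index[key] = user
    return index


def lookup_user(presented_dn, index):
    """Return the mapped user name, or None when login is not allowed.

    Call this only after the certificate has been validated against the CA
    certificate (step 2); a DN from an unverified certificate proves nothing.
    """
    try:
        return index.get(parse_dn(presented_dn))
    except ValueError:
        return None  # unparseable DNs never match


# Constructed sample data, using the DN from the example above.
DOMAIN_CERTIFIED_USERS = build_index({
    "jdoe": "O=CollabNet/OU=Entertainment Department/CN=John Doe/",
})
```

Attribute names are compared case-insensitively, while values and component order must match exactly, so the same CN under a different O or OU does not map to the registered account.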

Removing a user certificate

When a user's X509 certificate is revoked, you can remove the record of that user's certificate from the site. Follow these steps:

  1. On the Certificate management screen, select Domain certified users or Host certified users.
  2. Check the box next to the record of any user you want to remove.
  3. Click Delete selected certificates.

Note: Before deleting a user certificate, check with your organization's project management authorities. Some organizations maintain a policy of keeping certificate records after the certificates are revoked.