Configuration

This panel is only accessible by users with the Admin privilege.

System Settings

The entities in the System settings are preconfigured with default generated values and can be modified.

System Entities available for editing
System Entity Description

System Realm

The currently selected realm.

User Certificate Policy

This policy is used to request a certificate for a user of the CLM platform. The user can then access CLM functions through the CLM-UI.

CMP Policy

This policy is used to import certificates for CMP and SCEP operations.

Active Crypto Module

This crypto module encrypts keys and secrets, such as passwords of end entities, API clients, and keystores. Additionally, it can generate random numbers.
The System Realm includes the SYSTEM USER CERTIFICATE POLICY, the SYSTEM CMP SIGNER CERTIFICATE POLICY and the RA certificates. These system policies are configurable as well. They are the default choice for the creation of new user RA certificate, and the management of certificates used in CMP, like the signer’s certificate.

Configure System Settings

To configure the system entities, press Edit in the System Settings section. In order to be able to modify the user certificate policy, and the CMP policy the system realm must be configured. In order to modify the system realm, the previously selected realm as the system realm must be archived and deleted.

E-Mail Settings

Below are the E-Mail attributes available for editing:

  • Host

  • Port

  • Username

  • Password

  • Protocol

  • Authentication Enabled

  • StartTLS Enabled

  • Email Sender

  • Email Signature

Configure E-Mail Settings

To configure the mail server press Edit in the E-Mail Settings section.

The password is never retrieved from the server. It will only be updated if Save is pressed with the password field not empty. In order to remove the password completely, press Disable password.

Check E-Mail Settings

Using the Send Test E-Mail button at the top of the mail settings section, you can check the E-Mail settings configuration.

For the Send Test E-Mail button to be available, an e-mail address is required. This functionality is not supported for API Clients.

Connection Settings

The fields included in the connection settings are the TLS Version which is used to specify the TLS protocol that will secure the connections, and the Connection Timeout (Seconds) which defines the TTL (Time To Live) of the connections.

Configure Connection Settings

To configure the connection settings, press Edit in the Connection Settings section.

Application Settings

Application Properties available for editing
Application Property Description

Expiring Certificates Notification Intervals Days

Number of days before expiration, that the Expiration Notification Task should sent notification E-Mails.

Expiring Certificates Renewal Limit Days

Number of future days, relative to each certificate’s expiration date, that an end entity’s certificate must be still valid, for the other end entity certificates to be considered renewed and not require expiration notification.

Private Key Password Policy

N/A

End Entity Password Policy

N/A

API Client Password Policy

N/A

Configure Application Settings

To configure the connection settings, press Edit in the Connection Settings section.