Release 4.1 introduces the ability to configure two factor authentication. To take advantage of this new functionality, the following steps must be performed.
- Generate user certificate
- Register user certificate via WebUI
- Configure connector to use 2FA
Generate user certificate
-
Create a user key (user.key)
openssl genrsa -des3 -out user.key 4096
-
Create a Certificate Signing Request (CSR)
openssl req -new -key user.key -out user.csr
-
Sign a CSR using CA and generate the user's certificate; Sign the csr to a certificate valid for 365 days (adjust if needed)
openssl x509 -req -days 365 -in user.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out user.crt
-
Construct a single PEM file with Key and Certificate inside
cat user.key > user.pem; cat user.crt >> user.pem
Register user certificate via WebUI
Go to your account certificates and upload the generated user certificate (user.pem)
Configure connector to use 2FA
Update connector config to use 2FA
[oomnitza]
url = https://subdomain.oomnitza.com
2fa_ssl_certificate = /path/to/user.pem
0 Comments