Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Implementing PKI authentication


The BMC Server Automation Authentication Server can use public key infrastructure (PKI) to authenticate users who present a type of smart card known as a common access card (CAC). Through ActiveClient middleware, a BMC Server Automation client can access the appropriate certificate and private key on the smart card to authenticate the user.

To verify that a certificate is currently valid, the Authentication Server can access an OCSP Responder. By default, OCSP verification is enabled for PKI authentication. For more information about setting up OCSP, see "Setting up certificate verification using OCSP".

While logging in to a BMC Server Automation client, the user must insert a smart card into a card reader and enter a PIN. If the information the user enters is valid and the OCSP Responder verifies the validity of the user's certificate, the Authentication Service issues the client a session credential.

BMC Server Automation does not provide a default set of trusted CA certificates for use with PKI authentication. If you are implementing PKI, you must obtain certificates from a CA.

For a procedure describing how to set up PKI authentication, see "Configuring PKI authentication".

Note

In this release, PKI authentication is not supported by the BMC Server Automation Console on 64-bit Windows systems. On a Windows 64-bit system, install and use the 32-bit BMC Server Automation Console.

 
