TOTPRadius - Web Server and LDAPS certificates
The admin panel allows uploading different types of certificates. Navigate to "Web Server and LDAPS certificates" from the left menu
Management interface
The management interface of TOTPRadius is web based and is recommended to be accessed via HTTPS protocol (although HTTP is also supported and can be enabled if needed). In addition to the admin panel functionality, the web server is used for server replication (if configured in master/slave mode) and REST Web API (used for web-based integrations such as Citrix StoreFront self-enrollment, WordPress and ADFS plugins). Therefore, it is recommended to generate and apply the proper web server certificate for these interfaces. The appliance comes with a dummy self-signed certificate that is recommended to be replaced with your own. You can use a public certificate or a certificate issued by your internal CA (if the internal CA trust has been added to all your clients).To update the web certificate files, you need to navigate to Admin Portal -> Web Certificate page and paste the content of the private key and the certificate itself into the corresponding text areas in the Admin panel web certificate section.
VPN Interface
A similar procedure is required for updating the certificate of the VPN Portal running on the same appliance but a different port (9443). As this is the interface facing public internet (via 1:Many NAT from 443 to 9443), a commercial web certificate might be needed. You can also place the VPN portal behind a CDN that can provide the SSL certificate as a part of the service (i.e. Cloudflare).
Click on "Update certificates" button to apply the changes. The web server will need to be restarted to complete the process.
LDAPS CA Certificate
The same page allows uploading your CA Root certificates if you decide to use LDAPS protocol to connect to your LDAP servers. You can also use the built-in tool to retrieve the certificate from your LDAPS server.About
Installation and configuration
- Installation and initial configuration
- Network configuration
- Migrating from older versions
- LDAP Configuration
- Azure AD Configuration
- Self-service enrollment portal
- Web and LDAPS Certificates
- Syslog configuration
- Single-factor authentication exceptions
- Slave appliance mode
- Dynamic RADIUS Attributes
Integration guides
Blog
22-03-2023
iOS Mail or Outlook App for Office 365 Users with Passwordless Authentication
As more and more organizations adopt a passwordless method of authentication, users are faced with the challenge of configuring their email accounts on their mobile devices.
20-03-2023
Unlocking the Benefits of Azure Passwordless with FIDO2 Keys
We understand that some of our customers have questions and concerns about migrating to Azure Passwordless with FIDO2 keys. With this blog post, we aim to address and clarify some of the common queries that may arise regarding the technology.
30-01-2023
Top myths about FIDO2 security keys and Passwordless access
We have been getting quite a lot of questions about the security level of FIDO keys, in the light of some recent news and research papers covering potential vulnerabilities of both the protocol stack itself and the hardware of certain implementations.