Certificates generated via the Configuration Wizard
You can configure how OneSpan Authentication Server performs encrypted communication via the Configuration Wizard, either during or after installation.
The Install SSL Server Certificate Wizard (via the Configuration Wizard) allows you to generate a TLS/SSL certificate for one component (i.e. SEAL communicator, SOAP communicator, RADIUS communicator, or Message Delivery Component (MDC)) at a time.
When generating a TLS/SSL certificate, the default name of the PEM file depends on the component the certificate was generated for:
- ikey_component_cert.pem (certificate)
- ikey_component_serverca.pem (certificate authority)
For example, the generated certificate and certificate authority files for the RADIUS communicator would be ikey_radius_cert.pem and ikey_radius_serverca.pem, respectively.
By default, the generated certificate and certificate authority files are located in:
/etc/vasco/ias (Linux)
%PROGRAMFILES%\VASCO\IDENTIKEY Authentication Server\bin (Windows)
The self-signed TLS/SSL certificates created by the OneSpan Authentication Server Configuration Wizard contain only the IP address in the subject alternative name (SAN). If you need to use the FQDN when establishing the connection, you have to create a certificate that contains the FQDN in the SAN.