Configuring SSL certificates

You can configure how OneSpan Authentication Server performs encrypted communication via the Configuration Wizard, either during or after installation.

Configuring SSL certificates during installation

When installing OneSpan Authentication Server, the OneSpan Authentication Server Setup Utility will automatically launch the Configuration Wizard.

You can use this wizard to configure SSL certificate settings for the following:

• SOAP communicator module
• SEAL communicator module
• RADIUS communicator module
• Message Delivery Component (MDC)
• Live auditing via the Audit Viewer

During a basic installation, an SSL certificate is generated automatically for each component.

During an advanced installation, you can specify whether to create an SSL certificate for each component or use an existing SSL certificate.

Configuring SSL certificates after installation

To configure SSL certificate settings after installation, you can use the Install SSL Server Certificate wizard via the Maintenance Wizard.

This allows you to do the following:

• Install an existing SSL certificate.

• Generate and install a new test SSL certificate (self-signed).

  The test SSL certificate generated by the Maintenance Wizard has a limited life span and must be renewed periodically. To avoid having to renew the test SSL certificate periodically you should purchase an SSL certificate.

• Request a commercial SSL server certificate.

For more information about default file names and location of generated certificates and certificate files, see Certificates generated via the Configuration Wizard.

If you want to use a commercial SSL certificate with OneSpan Authentication Server, you will first need to do the following:

• Obtain the server certificate and private key in PEM format.
• Note the location of the server certificate file.
• Know the passphrase for the private key.
• Know the password for the CA certificate store