Configure External Authentication in the .SEAServer Record
At installation, a record named .SEAServer is created in the parameters file, which enables Connect:Direct® Secure Plus to interface with External Authentication Server during TLS sessions to validate certificates. External Authentication Server properties are configured in this record and enabled/disabled in the local and remote node records.
Complete the following procedure to configure the server properties that will allow Connect:Direct for UNIX to interface with External Authentication Server:
Note: The values specified for this procedure must match the values specified in External Authentication Server.
- Double-click the record called .SEAServer.
- Type the Host Name for External Authentication Server.
- Type the Port Number where External Authentication Server is listening. The default is 61366.
- To enable caching of SEAS certificate validation responses, select Enable Caching. When enabled, Connect:Direct Secure Plus can reuse previously fetched certificate validity responses from External Authentication Server; that is, it caches the responses to ease the certificate validation process when Connect:Direct interfaces with External Authentication Server during a TLS session.
- Type the Cache Validity per certificate in hours. Default is 24 hours. Range: 1-720 hours.
- Type the Cache grace validity time per certificate when SEAS is unavailable in hours. This is the number of hours during which Connect:Direct Secure Plus can accept a certificate from its cache when the local cache entry for the certificate has expired and External Authentication Server is unavailable. Default is 0 hours, which means cache grace validity time does not apply. Range: 0-720 hours.
  Note: Cache grace validity time per certificate when SEAS is unavailable in hours should always be greater than or equal to Cache Validity per certificate in hours.
- Click OK to update the record.
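The caching settings above interact, so the following added example (not Connect:Direct or External Authentication Server code) models them in Python: it checks the documented ranges and shows which source would answer a validation request. The class, function and result names are hypothetical, and it assumes that both periods are measured from the time the response was fetched, that a grace value of 0 is exempt from the "greater than or equal" rule, and that an expired entry is refreshed from SEAS whenever SEAS is reachable.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SeasCacheSettings:
    enable_caching: bool = False
    cache_validity_hours: int = 24  # page: default 24, range 1-720
    cache_grace_hours: int = 0      # page: default 0 (grace does not apply), range 0-720

    def validate(self) -> List[str]:
        """Return a list of problems with the values; empty means acceptable."""
        errors = []
        if not 1 <= self.cache_validity_hours <= 720:
            errors.append("cache validity must be 1-720 hours")
        if not 0 <= self.cache_grace_hours <= 720:
            errors.append("cache grace must be 0-720 hours")
        elif 0 < self.cache_grace_hours < self.cache_validity_hours:
            # Assumption: 0 disables grace, so only non-zero values are compared.
            errors.append("cache grace must be >= cache validity")
        return errors


def decide(settings: SeasCacheSettings, entry_age_hours: Optional[float],
           seas_available: bool) -> str:
    """Model which source answers a certificate validation request.

    entry_age_hours is the age of the cached SEAS response for this
    certificate, or None when nothing is cached. Boundaries are treated as
    exclusive (an assumption; the page does not state them).
    """
    problems = settings.validate()
    if problems:
        raise ValueError("; ".join(problems))
    cached = settings.enable_caching and entry_age_hours is not None
    if cached and entry_age_hours < settings.cache_validity_hours:
        return "use-cache"        # fresh entry, SEAS is not contacted
    if seas_available:
        return "query-seas"       # no usable entry, ask SEAS again
    if cached and 0 < settings.cache_grace_hours and entry_age_hours < settings.cache_grace_hours:
        return "use-cache-grace"  # expired entry accepted because SEAS is down
    return "no-response"          # page does not say what the session does here


if __name__ == "__main__":
    s = SeasCacheSettings(enable_caching=True, cache_validity_hours=24, cache_grace_hours=72)
    for age, up in [(5, True), (30, True), (30, False), (80, False)]:
        print(f"age={age}h seas_up={up} -> {decide(s, age, up)}")
```

In the "use-cache" and "use-cache-grace" cases no fresh answer is fetched, so a certificate whose status changes in External Authentication Server keeps its cached result until the entry ages out.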