Certificate Manager
This tool helps to identify untrusted certificate usage.
Most AutoStore components can act either as:
- Clients of remote servers, for example Share Point, OneDrive, and GoogleDrive components.
- Servers, that provide services for AutoStore clients, for example SMTP capture, Interactive Capture.
The Certificate Manager tool tracks and monitors certificates that are used when the AutoStore components act as a client. This way it contributes to build a secure environment.
When secure communication certificates are issued by the servers, the clients may validate them and accordingly this tool does not track AutoStore server certificates.
The certificate manager has the following options:
Option | Description |
---|---|
Permissive with tracking |
All certificates from remote servers are accepted. The log can be used to check which AutoStore components built a secure communication channel using a certificate issued by a remote server. The log includes the timestamp of the last usage of such certificate and whether the certificate is trusted by the operating system running the AutoStore server or not. |
Allow trusted certificates only |
All certificates are logged, but only the certificates trusted by the operating system and domain policy are accepted. In this mode, components are not able to connect to a remote server whose certificate is not trusted. |
-
The Certificate Manager Tool does not track and validate certificates when the AutoStore component is running as a server. In this case, certificate validation can be performed by the client connected to the AutoStore.
-
The Certificate Manager can help system administrators detecting certificate issues where the connection to a remote server is rejected due to untrusted or invalid certificates.
-
Some AutoStore server components perform self-tests, during which an internal secure connection is built. It means the component acts a server and as a client of itself at the same time. In these cases even a server component can show up in the Certificate Manager log since it behaves as a client as well.
To open the Certificate manager, select
on the AutoStore Process Designer ribbon.This settings tracks the certificates of the following modules:
-
APD/batch: administrative alert email (SMTP)
-
Capture components using Send to Mail form and support EWS
-
Licensing (Flexnet)
-
SMTP Gateway
This settings tracks the certificates of the following components:
-
Alfresco
-
DirectoryServices
-
Document Transformation
-
DocuShare
-
FileNet P8
-
Ftp Poll
-
FujiXerox Apeos (device, registration)
-
HP OXPd16 (OutputManager integration)
-
IMAP Capture
-
Interactive Capture
-
Kofax Total Agility
-
Konica Minolta iOption
-
Konica Minolta (OutputManager integration)
-
Kyocera HyPAS (device)
-
MicroFocus
-
NetDocuments
-
Notification
-
Office 365 email
-
POP3 Email
-
Print Job Submission
-
Ricoh Smart (device, registration, OutputManager)
-
Samsung Smart UX
-
Send to FTP
-
Send To Http
-
Send To Mail Recipient (SMTP, EWS)
-
SharePoint
-
SharpOSA
-
Toshiba
-
Unified Client
-
Web Capture
-
Web Capture Xerox EIP (device, registration, OutputManager)
-
Workflow Job Submission
- Certificate whitelisting
-
Depending on the environment, in some cases the certificate validation may take too long (several minutes due to the revocation list check), which may cause the initiating component to lose connection. To avoid this error, the certificate may be whitelisted.
To whitelist a certificate, select the certificate on the Certificate Manager's Tracked certificates tab or Log tab, and click the Selected to the whitelist button.
You can view the certificates that have been whitelisted on the Certificate white list tab. To remove a certificate from the whitelist, select the certificate and click the Remove selected button.
In the certificate usage logs, you can see which certificates have been accepted due to whitelisting.