There are two CA (Certificate Authority) certificates that you need to configure CoreOS systems for multi-factor authentication (MFA):
- A CA certificate for the Centrify Platform
- A CA certificate for the Centrify Connectors
In order for multi-factor authentication (MFA) to work on CoreOS systems, you must install the required certificates:
- Manually copy your Centrify Platform CA file and update the CoreOS system to include it in its bundle of certificate authorities, if the CA file isn’t on the system already.
- Manually copy the IWA root CA certificate for Centrify Connectors to your CoreOS system update the CoreOS system to include it in its bundle of certificates.
If you’re using a cloud-based Centrify Platform instance, your CoreOS instance usually has the CA certificate installed already. If you’re using the on-premise version of Centrify Platform, you need to install the CA certificate manually.
To configure CoreOS system for MFA:
- If it’s not already on the CoreOS system, copy your PEM-encoded Centrify Platform CA file to the /etc/ssl/certs directory on the CoreOS system.
Copy the IWA root CA certificate for Centrify Connectors (with a .pem file suffix) to /var/centrify/net/certs (which is linked to /etc/ssl/certs).
Note: You can get the trusted IWA certificate in the Admin Portal.
Run the update-ca-certificates CoreOS script to update the system bundle of Certificate Authorities.
All programs that run on the CoreOS system will now trust the CA that you just added