Configuring CoreOS for MFA

There are two CA (Certificate Authority) certificates that you need to configure CoreOS systems for multi-factor authentication (MFA):

  • A CA certificate for the Centrify Platform
  • A CA certificate for the Centrify Connectors

In order for multi-factor authentication (MFA) to work on CoreOS systems, you must install the required certificates:

  • Manually copy your Centrify Platform CA file and update the CoreOS system to include it in its bundle of certificate authorities, if the CA file isn’t on the system already.
  • Manually copy the IWA root CA certificate for Centrify Connectors to your CoreOS system update the CoreOS system to include it in its bundle of certificates.

If you’re using a cloud-based Centrify Platform instance, your CoreOS instance usually has the CA certificate installed already. If you’re using the on-premise version of Centrify Platform, you need to install the CA certificate manually.

To configure CoreOS system for MFA:

  1. If it’s not already on the CoreOS system, copy your PEM-encoded Centrify Platform CA file to the /etc/ssl/certs directory on the CoreOS system.
  2. Copy the IWA root CA certificate for Centrify Connectors (with a .pem file suffix) to /var/centrify/net/certs (which is linked to /etc/ssl/certs).

    Note:   You can get the trusted IWA certificate in the Admin Portal.

  3. Run the update-ca-certificates CoreOS script to update the system bundle of Certificate Authorities.

    All programs that run on the CoreOS system will now trust the CA that you just added