Configuring CoreOS for MFA

You need two CA (Certificate Authority) certificates to configure CoreOS systems for multi-factor authentication (MFA):

  • A CA certificate for the Centrify Identity Platform
  • A CA certificate for the Centrify connectors

For MFA to work on CoreOS systems, you must install both certificates:

  • If the Centrify Identity Platform CA file isn’t on the CoreOS system already, manually copy it there and update the CoreOS system to include it in its bundle of certificate authorities.
  • Manually copy the IWA root CA certificate for Centrify Connectors to your CoreOS system and update the CoreOS system to include it in its bundle of certificate authorities.

If you’re using a cloud-based Centrify Identity Platform instance, your CoreOS instance usually has the CA certificate installed already. If you’re using the on-premise version of Centrify Identity Platform, you need to install the CA certificate manually.

To configure a CoreOS system for MFA:

  1. If it’s not already on the CoreOS system, copy your PEM-encoded Centrify Identity Platform CA file to the /etc/ssl/certs directory on the CoreOS system.
  2. Copy the IWA root CA certificate for Centrify Connectors (with a .pem file suffix) to /var/centrify/net/certs (which is linked to /etc/ssl/certs).

    Note:   You can get the trusted IWA certificate in the Centrify Admin Portal.

  3. Run the update-ca-certificates CoreOS script to update the system bundle of Certificate Authorities.

    All programs that run on the CoreOS system will now trust the CAs that you just added.
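
Because step 3 makes every program on the host trust the new CAs, it is worth checking each file before it reaches the bundle. The script below is an added example, not part of the Centrify documentation: it runs the three steps with a pre-install check on each file. It assumes openssl is available on the host, that both files are staged outside the target directories, and that the rebuilt bundle is /etc/ssl/certs/ca-certificates.crt; the file names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not Centrify's own tooling. Run as root on the CoreOS host.

# check_ca_pem FILE: succeed only if FILE is one PEM certificate, flagged as a
# CA, and not expired. "openssl x509" reads only the first certificate in a
# file, so a file holding several would be only partly checked; reject it.
check_ca_pem() {
    case $1 in *.pem) ;; *) echo "$1: needs a .pem suffix" >&2; return 1 ;; esac
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null) || n=0
    [ "$n" = 1 ] || { echo "$1: expected exactly one PEM certificate" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "$1: expired or unreadable" >&2; return 1; }
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' ||
        { echo "$1: not a CA certificate" >&2; return 1; }
}

# install_ca FILE DESTDIR: validate, show subject and SHA-256 fingerprint for
# comparison with the value obtained out of band, then copy world-readable.
install_ca() {
    check_ca_pem "$1" || return 1
    openssl x509 -in "$1" -noout -subject -fingerprint -sha256
    cp "$1" "$2/" && chmod 0644 "$2/$(basename "$1")"
}

# configure_mfa_trust PLATFORM_CA IWA_ROOT_CA: steps 1 to 3 of the procedure.
configure_mfa_trust() {
    install_ca "$1" /etc/ssl/certs || return 1            # step 1
    install_ca "$2" /var/centrify/net/certs || return 1   # step 2
    update-ca-certificates || return 1                    # step 3
    # Assumption: the rebuilt bundle is /etc/ssl/certs/ca-certificates.crt.
    # -partial_chain lets an intermediate CA in the bundle act as the anchor.
    for ca in "$1" "$2"; do
        openssl verify -partial_chain \
            -CAfile /etc/ssl/certs/ca-certificates.crt "$ca" || return 1
    done
}

# File names are supplied by the caller, e.g.:
#   sh install-mfa-cas.sh platform-ca.pem iwa-root-ca.pem
if [ "$#" -eq 2 ]; then configure_mfa_trust "$@"; fi
```

A failed check stops the run before update-ca-certificates is called, so a file that is expired or is not a CA never reaches the system bundle.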