5 Replies Latest reply on May 30, 2008 10:02 AM by Jed

    Blocked certificates for management gateway

    Rookie

       

      I was looking through the configuration of the Management Gateway under "Manage Client Certificates" in the console and noticed that many computer names are already blocked. At first I thought this happened when a device requests a new certificate since many were duplicate device names. As I continued looking through the list this didn't hold up. My own PC was listed multiple times and while one was blocked, the other 3 entries weren't. Session counts and Last Session times were different for each entry?

       

       

      How does LD decide which are blocked and which aren't?  Doesn't seem that this was done manually. 

       

       

      Is there a problem if a single PC has multiple unblocked entries?

       

       

      Thanks

       

       

        • 1. Re: Blocked certificates for management gateway
          Rookie

           

          I'm also interested in the answers to these questions.

           

           

          Also, what is the correlation to the "Blocked Client Certificates" tab in the gateway web interface?

           

           

          • 2. Re: Blocked certificates for management gateway
            Jed SupportEmployee

             

            When a client has a broker certificate and then tries to obtain another one, the old one is blocked. This is working as designed and happens so that multiple certificates belonging to one machine do not happen, possibly compromising security.

             

             

            --Jed

             

             

            • 3. Re: Blocked certificates for management gateway
              Rookie

               

              Thanks for the reply, Jed.

               

               

              So to answer the original poster's question, multiple unblocked certs for the same device would indicate a problem of sorts.

               

               

              Do you know how this list of blocked certificates found at "Manage Client Certificates" correlates to the list of Blocked Client Certificates on the gateway itself? 

               

               

              It looks like the blocked certs on the gateway are possibly every certificate that has ever been blocked...thousands.  Do these ever get purged?

               

               

               

               

               

              • 4. Re: Blocked certificates for management gateway
                Jed SupportEmployee

                 

                Sorry, I kind of glossed over the first post and it looks like I missed some specific information...

                 

                 

                I'll look into it and see if I can find the exact criteria.

                 

                 

                --Jed

                 

                 

                • 5. Re: Blocked certificates for management gateway
                  Jed SupportEmployee

                   

                  So after looking into this, your other certificates should be getting blocked. What you're seeing is not right; you should probably call Support and open a support ticket.

                   

                   

                  Because the only reason a client certificate should get repudiated is that another certificate has been issued, if multiples are being obtained but some are not repudiated, this would be a technical issue we'd need to address.

                   

                   

                  --Jed