Administration

An admin can view the system settings in the Administration / Configuration page. The available system entities are the System Realm which is a realm that includes the SYSTEM USER CERTIFICATE POLICY, the SYSTEM CMP SIGNER CERTIFICATE POLICY and the RA certificates. These System policies are also configurable, and they are being used as the default choice for the creation of new user RA certificate, and the management of certificates used in CMP, like the signer’s certificate. The entities in the System settings are preconfigured with default generated values and can be modified.

While in Administration / Configuration page, by pressing edit in the System Settings section, the admin can configure the system entities. In order to be able to modify the user certificate policy, and the CMP policy the system realm must be configured. In order to modify the system realm the previously selected realm as the system realm must be archived and deleted.

An admin can view the mail server settings in the Administration / Configuration page.

While in Administration / Configuration page, by pressing edit in the E-Mail Settings section, the admin can configure the mail server. Note that the password is never retrieved from the server, and it will only be updated if save is pressed with the password field not empty. In order to remove the password completely, the Disable password checkbox must be active when updating.

In the Administration / Configuration page, an administrator can check the mail settings configuration through the Send Test E-Mail button at the top of the mail settings section.

An admin can view the connection settings in the Administration / Configuration page. The fields included in the connection settings are the TLS Version which is used to specify the TLS protocol that will secure the connections, and the Connection Timeout (seconds) which defines the TTL (Time To Live) of the connections.

While in Administration / Configuration page, by pressing edit in the Connection Settings section, the admin can configure the connection settings.

The concept of archiving an existing data record within the MTG Certificate Lifecycle Manager Server offers the ability to disable and render unusable records that are no longer needed. When the user archives a record, the record becomes disabled, it cannot be used in future operations and is considered read-only. It is similar to marking a record for future deletion. There is the ability to revert such an archive action by unarchiving the record and enabling it again.

Upon archive, all child records associated with the archived record become archived, too. On the other hand, upon unarchive only the unarchived record becomes unarchived and child records are not affected.

The archiving operation is only allowed for records that possess no relationship or association to active, not revoked and not expired certificates.

The user can only unarchive an archived record if its associated parent records are not archived.

Additionally, all archived data records become candidates for deletion and can be deleted through the Administration/Archived Data Removal tab. There the option to delete all archived data of each type (Realm, Policy, End Entity, etc) that were archived before a configurable date in the past can be executed by a user with the ADMIN permission. Further details on entities archive/unarchive are provided in each entity’s archive section.

In this panel a user can delete archived entities from a chosen date and before. The available archived entities for deletion are Certificate Requests, Certificates, Policies, End Entities, Realms and Mailing Lists. The user must be very careful when using this functionality, because the deletion of an entity might result in the deletion of other entities that are linked to it (read the available warning message for each case by pressing the delete button).