Configuration Overview

The main tool for configuring certification and certificate attributes is SyncOffice Manager. This page briefly describes how the certification and authorization infrastructure is configured using SyncOffice Manager. For more technical details, please see the following related chapters.

SyncOffice Manager Settings

SyncOffice Manager, as an application, has its own settings. They are stored in an INI file, SyncOfficeManager.ini, which is located in the same folder as the application.

The most important parameters are the application credentials, such as the SyncOffice Manager login password, the MySQL password, etc. SyncOffice Manager initially starts with default passwords. After the first launch and login, the customer should change these passwords to their own.
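One way to confirm that the defaults were actually changed, as an added example that is not part of SyncOffice Manager or its documentation: the script below scans an INI file for credential entries that are empty, still match a known default, or reuse a value from another section. The section names, key names and default values are hypothetical placeholders, and the script assumes values can be compared in the form in which they are stored.

```python
import configparser
import re

# Hypothetical: the real key names in SyncOfficeManager.ini are not given on this page.
CREDENTIAL_KEY = re.compile(r"pass(word|wd)?|pwd|secret", re.IGNORECASE)

# Constructed sample standing in for SyncOfficeManager.ini (not the real layout).
SAMPLE_INI = """\
[Login]
User = admin
Password = PLACEHOLDER_DEFAULT_1

[MySQL]
Host = localhost
Password = Xk9!vR2#qLm7

[Backup]
Password = Xk9!vR2#qLm7
"""

# Placeholders: replace with the default values shipped with the product.
KNOWN_DEFAULTS = {"PLACEHOLDER_DEFAULT_1", "PLACEHOLDER_DEFAULT_2"}


def audit_credentials(ini_text, known_defaults):
    """Return (section, key, problem) findings for credential entries, in file order."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' in passwords is literal
    parser.optionxform = str  # keep the original case of key names
    parser.read_string(ini_text)
    findings = []
    seen = {}  # credential value -> first section that used it
    for section in parser.sections():
        for key, value in parser.items(section):
            if not CREDENTIAL_KEY.search(key):
                continue
            value = value.strip()
            if not value:
                findings.append((section, key, "empty"))
            elif value in known_defaults:
                findings.append((section, key, "default"))
            elif value in seen:
                findings.append((section, key, "reused from [%s]" % seen[value]))
            else:
                seen[value] = section
    return findings


if __name__ == "__main__":
    for finding in audit_credentials(SAMPLE_INI, KNOWN_DEFAULTS):
        print(finding)
```

To check a real installation, pass the text of the actual INI file instead of `SAMPLE_INI` and adjust the key pattern to the names that file uses.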

Certificate and CSR

To create a certificate for an end-user on one of their devices, a Certificate Signing Request (CSR) needs to be generated from that device in the name of the end-user. The CSR is a plaintext text file; its footprint data is encrypted. The CSR file should be manually copied into the \repository_certrequest subfolder of the SyncOffice Manager application.

A certificate is generated for a specific CSR, so, like the CSR, it is unique to the pair of end-user name and device. A certificate is also an INI file and contains a number of data entries. Each data entry is a key-value (K-V) pair. The key name is a plaintext string, while the value is an encrypted string. Typically, the value is attribute data: data used for authorization conditions, constraints, or action flags.

Both CSRs and certificates can be saved in the local MySQL database. Typically, certificate data is read and updated in a set of string array caches in memory. After configuring the certificate data in the array cache, the customer can click the "Create certificate" button to generate a portable certificate file from the working cache. The certificate file has the file extension .crt.

Certificate Configuration - Global

Certificate global configuration data has two main parts: data commonly shared across the customer's corporation, and a global-level template of certificate attribute data.

The commonly shared corporation data includes the corporation's own RAS server settings and the arrangement of its different groups.

Certificate Configuration - Group

Certificate group configuration data is used for the different departments under one corporate realm. It also contains two parts: group-level settings and a group-level template for certificate attribute data.

The most important item is the group "password-key". Each group should have a different password-key. Each end-user assigned to a group applies that group's unique password-key when saving an opened document. Therefore, the saved document can only be opened by end-users of the same group.

Certificate Configuration - User

The customer's administrator should set up a user list database to manage end-users. Each user should have their own template of certificate attribute data. To create different certificates for the same end-user, the administrator can apply that user's template to the working certificate array cache and modify only the few entries that differ.