Certificate

Once done CSR file import, an administrator can configure a certificate template in memory cache based on imported CSR, configure various attributes and finally click the "Create Certificate" button to create a certificate file from the working cache.

The created certificate file is put into the SyncOffice Manager's \repository_certificate subfolder. Sample file list under such folder is like as follows.

cert-folder

The certificate is an INI file format text file, with a file naming syntax similar to CSR file, but with a suffix of .crt. The file name consists of two parts. The first part is the UserID of the end-user. The second part is his working PC name. If its CSR was created under Windows, the PC name is from the "Device name" of Windows "This PC" property.

The certificate needs to be copied manually into the end-user's SyncOffice suite application folder.

When use with SyncOS, it will be encrypted into .crt.tes file and then copied into live USB drive at SyncOS live USB creation time.

When SyncOffice-VA is used with certificate, customer can use WinISO etc third party iso utilities to insert the certificate into the SyncOffice-VA iso image file. The inserted certificate can be original .crt file, or encrypted .crt.tes file. SyncOffice-VA can decipher both formats.

The following screenshot shows a sample certificate file content.

cert-content

[CSR] Section

The CSR section of certificate is imported from its CSR file. It indicates who is the user and his password, which is his target PC's name and its fingerprint. This is uniquely identified as user/device pair as base for authorization and counting by Teleon service licensing.

[Certificate] Section

The Certificate section contains a unique CertificateID and the certificate creation time.

Different certificates may be generated to an end-user for the same PC in different time. To uniquely identify a certificate, a random UUID like string is generated as this certificate's identifier.

There are 4 CertData entries. The value of these key-value pairs are mainly used for certificate data integrity check. When a certificate is opened, its data content will be audited against these CertData entries. Atomic modification on a data entry using other text editing tool may corrupt the data integrity of the certificate.

[SessionCache] Section

The SessionCache section logs the certificate login status history data.

Each SyncOffice login and working period is a work session. During a session, the Login Extension is not constantly TCP connected to the RAS/RSS or any other remote support servers. After authorization, TCP/HTTP connection is disconnected, and a session timeout timer is started. During the session valid time, following authorization status data query by various procedures and functions may check against these SessionCache section data.

[Data] Section

The Data section is where to store certificate defined authorization attributes. They define authorized privileges/rights, conditions and action-flags. There are 36 key-value pair data. All are AES encrypted.

Detailed individual attribute will be described in the related chapters.