PKI Management

Monkton, Inc.

Authentication is a core tenet of the Rebar Hub and how the Rebar Hub operates. To enable secure authentication, Rebar has support for PKI credentials built into the Rebar Hub. In under a minute, an administrator can configure and enable PKI credential authentication within Rebar.

The Trusted PKI Configuration screen lets the administrator add or remove the trusted PKI certificates used for authentication. Both the root and intermediate certificates are required.

OID Targeting

While not an explicit feature of managing trusted PKI certificates, using PKI enables the mobile app to be configured in App Management to authorize access to apps based on OID attributes within the PIV certificates. OID targeting can be enabled or disabled at any time in the App Management portal.

PKI Headless Mode

To use PKI, the administrator must first enable PKI Headless State, which allows PKI to be used as an authentication method. The PKI Headless State will leverage the PKI certificates uploaded via the PKI management portal for authentication.

Tapping the Headless PKI Disabled button will present the modal to toggle the state. To enable Headless mode, tap Enable Headless.

The administrator can enable or disable Headless PKI, which enables or disables the use of PKI credentials. If the administrator disables PKI Headless Mode, it will prevent users who have authenticated with PKI credentials from using their apps. Disabling should be used with extreme caution in production environments.

Tapping the Headless PKI Enabled button will present the modal to toggle the state. To disable Headless mode, tap Disabled Headless PKI.

Steps to Add a new PKI Certificate

The Rebar Hub accepts encoded PEM/DER certificates for upload, typically with the *.pfx suffix. These certificates can be a single certificate or a chain of certificates.

-----BEGIN CERTIFICATE-----
Encoded Certificate
-----END CERTIFICATE-----

Additionally, multiple certificates can be uploaded in a single file, which should use the following format:

-----BEGIN CERTIFICATE-----
Encoded Certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Encoded Certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Encoded Certificate
-----END CERTIFICATE-----
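
A pre-upload check for the bundle format described above, as an added example (not Monkton or Rebar code): it splits a PEM file into its blocks, rejects anything that is not a well-formed certificate block, and returns SHA-256 fingerprints to compare against values obtained from the issuing CA. The function names and sample bytes are assumptions for illustration; the check is structural only and does not validate signatures or chain order.

```python
import base64
import hashlib
import re

# Strict PEM armor (RFC 7468): five hyphens each side, matching labels.
BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_is_complete(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE whose length field fits the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                          # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                          # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def inspect_bundle(pem_text: str) -> list:
    """Return the SHA-256 fingerprint of each certificate, in file order.

    Raises ValueError on non-certificate blocks (such as private keys),
    bad base64, truncated DER, or missing/malformed armor.
    """
    fingerprints = []
    for label, body in BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            raise ValueError(f"unexpected PEM block: {label}")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:              # binascii.Error is a ValueError
            raise ValueError("certificate body is not valid base64") from exc
        if not der_is_complete(der):
            raise ValueError("certificate DER is truncated or malformed")
        fingerprints.append(hashlib.sha256(der).hexdigest())
    # A loose count of BEGIN markers catches armor the strict pattern skipped.
    loose = len(re.findall(r"BEGIN CERTIFICATE", pem_text))
    if not fingerprints or loose != len(fingerprints):
        raise ValueError("missing or malformed CERTIFICATE armor")
    return fingerprints

def pem_block(label: str, der: bytes) -> str:
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed sample input: tiny DER SEQUENCEs standing in for real certificates.
ROOT = pem_block("CERTIFICATE", bytes.fromhex("3003020101"))
INTERMEDIATE = pem_block("CERTIFICATE", bytes.fromhex("3003020102"))

if __name__ == "__main__":
    for i, fp in enumerate(inspect_bundle(ROOT + INTERMEDIATE), 1):
        print(f"certificate {i}: sha256={fp}")
```
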

Adding a new trusted PKI Certificate is a simple process. Follow the steps below to create a new trusted PKI Certificate:

  1. On the Trusted PKI Configuration management screen, tap Add Trusted PKI Certificate
  2. The screen will present a modal dialog Upload PKI Certificate
  3. Tap the File Upload button on the modal dialog and select the certificate you will upload
  4. Tap Upload Certificate. This will upload the certificate and store it within the Rebar Hub
  5. The modal dialog will disappear and the list of trusted PKI certificates will refresh

Select the file to upload

Once the file has been selected, tap the Upload Certificate button

Steps to Remove a PKI Certificate

Removing a trusted PKI Certificate carries risk: removing a certificate will remove the users' ability to authenticate.

On the trusted PKI Certificate management portal:

  1. Tap the Remove button for the certificate
  2. The certificate will be removed from the database
  3. The list of trusted PKI certificates will refresh

Notes

It will take a short period of time (less than a minute) for the updates to propagate to the Rebar Hub API server due to caching.