Authentication - Manage Client Certificate

Authentication - Manage client certificate

Certificate Expiry and Dependency on Intermediate CA:

1. Certificate Expiry and Dependency on Intermediate CA:
2. 1. Server Certificate Expiry:
   2. A server certificate has a specific validity period, typically ranging from one to two years. This expiry date is hard-coded into the certificate at the time of issuance by the Intermediate CA.
   3. When the server certificate reaches its expiry date, it is no longer considered valid, and a new certificate must be issued to maintain secure connections.
3. Dependency on Intermediate CA:
4. 1. The server certificate's validity also depends on the validity of the Intermediate CA that issued it. If the Intermediate CA's certificate expires before the server certificate, the server certificate will no longer be trusted, even if it has not yet reached its own expiry date.
   2. This is because the trust chain is broken if the Intermediate CA's certificate is expired, meaning that the server certificate can no longer be authenticated as valid.
5. Scenario Example:
6. 1. Imagine a server certificate issued with a 2-year validity, expiring in December 2025.
   2. If the Intermediate CA that issued this certificate is set to expire in June 2025, the server certificate will effectively become untrusted after June 2025, even though it technically still has six months left before its own expiry date.

Implications:

1. Renewal Strategy: It's crucial to monitor not only the server certificate’s expiry but also the expiry of any Intermediate CAs in the certificate chain. Organizations must plan to renew or replace server certificates well before the Intermediate CA expires to avoid service disruptions.
2. Automated Checks: Many organizations use automated systems to monitor certificate chains and alert administrators when any certificate in the chain is nearing expiration.

In summary, while the server certificate has its own expiry date, it is fundamentally dependent on the validity of the Intermediate CA certificate. If the Intermediate CA expires, the server certificate will no longer be valid, even if its own expiry date is still in the future.

 

Purpose – This is important so that the iVeri gateway uses this certificate to authenticate the merchant processed transactions. 

Action: In the menu bar, Select Authentication , Manage Client Certificates. 

Select New Certificate, once the merchant has captured their own client certificate it should appear as indicated. 

Complete your merchant details on the screen below and select Submit.

Download the certificate and save it into your local environment, by clicking the "Download" tab.

Please Note: 

After a period of time the certificate would need to be renewed as it will expire, after which the merchant must select Renew in this menu item .