Tutorial: Use a certificate with Redtrust
Overview
In this tutorial, you'll learn the first steps for using a certificate with Redtrust. It assumes you have a basic understanding of digital certificates and want to familiarize yourself with Redtrust.
By the end of this tutorial, you will be able to use Redtrust to access the Sede Digital de la Dirección General de Tráfico (DGT) with your certificate. In other words, you'll learn how to put a certificate to use. If you just installed Redtrust, this tutorial will help you verify that Redtrust was set up correctly.
Background
As described in the Introduction, administrators can manage and configure Redtrust remotely via the admin console. A key feature of the admin console is the ability to define policies, sets of rules that define how certificates are used. Defining policies ensures the secure and appropriate use of certificates within an organization. To create a policy, administrators have to upload a certificate and define the following:
- Which users can use it.
- Where it can be used (specific applications and sites).
- When it can be used (specific times).
In this tutorial, you'll create a policy that allows unrestricted use of a certificate in any application or site. For simplicity, the user in this guide is a local one. For other authentication methods, refer to the Domains documentation.
Before you start
Before starting, ensure the following:
- Redtrust agent is installed on your system.
- You have access to:
  - A digital certificate in P12 or PFX format.
  - A Redtrust IP address and credentials.
  - A domain for local users.
  - A certificate group.
Step 1: Add a local user
After deploying Redtrust, add the users who need access to the certificates. One way to do that is to add them manually as local users. To add a local user:
- Access the admin console at https://<Redtrust_IP_address>/ using your credentials.
- Go to Access in the navigation menu and click the local users domain row.
  If you don't have a local users domain:
  - Click on New.
  - Add an alias or name for the domain (company.local in the example) and select Local users from the menu.
  - Click Next and Apply. Now that you have a domain, click on its row.
- In the domain configuration dialog box, go to the Users tab and click New.
- Fill in the fields:
  - Username: Use the part of the email address before the "@" symbol (in the example, jane.doe).
  - Name: Enter the user's full name (in the example, Jane Doe).
  - Email and Password.
- Click Apply and then Close.
Step 2: Upload a certificate
Now that you have added the user, upload the relevant certificate. To do that:
- Go to the Certificates tab and click Upload.
- In the upload dialog box:
  - Select the certificate group, in this example cert_group1.
  - Enter the certificate password.
  - Drag and drop a certificate in PFX or P12 format. In this example, my-certificate.
  - Click Upload.
- Once uploaded, click Close in the success notification.
From the Certificates section of the navigation menu, you can further configure the certificate by clicking on the certificate row. You can read more about the configuration options in the Certificates documentation.
Step 3: Create a policy
Creating a policy is essential to understanding and using Redtrust effectively. In this step, you will build on the previous two, combining the added user and certificate into a policy that allows unrestricted access to the certificate in any site or application. Before creating a policy, you need to define a site group and an application group and grant them full access.
- Go to Policies > Applications and click Add application group.
- In the window, fill in the following fields:
  - Name: all apps
  - Process name: .*
- Click Apply.
- Go to Sites in the side menu and click Add Site Group.
- In the window, fill in the following fields:
  - Name: all sites
  - Process name: .*
To create a policy:
- Go to Policies > Policies.
- Click New to access the policy creation wizard.
- In the Name field, enter total access and click Next.
- In the Select certificate box, select the certificate you uploaded in Step 2 (in this example, my-certificate) and click Next.
- Select the local user added in Step 1 and click Next.
- Click Add sites. Add the sites the user can access with the certificate, in this example all sites.
- Click Add applications. Add the application where the user can make use of the certificate, in this example all apps. Click Next.
- In the final step, ensure that Anytime is selected. Click Apply, then Accept.
Info: For more details on the policy configuration options, see the Policies topic documentation.
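
To see what the who/where/when dimensions of this policy mean in practice, the following added example (not Redtrust code and not part of the original tutorial) models policy evaluation in Python and compares the tutorial's total access policy with a narrower one. The `Policy` fields, the `dgt only` comparison policy, the sample requests, and whole-string, case-insensitive regex matching are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import time

@dataclass
class Policy:
    """Illustrative model only; field names are hypothetical, not Redtrust's schema."""
    name: str
    certificate: str
    users: set
    app_patterns: list                      # regexes over the process name
    site_patterns: list                     # regexes over the site
    window: tuple = (time.min, time.max)    # models "Anytime"

def _any_match(patterns, value):
    # Assumption: a pattern must match the whole value, case-insensitively.
    return any(re.fullmatch(p, value, re.IGNORECASE) for p in patterns)

def allows(policy, user, certificate, process, site, at):
    """Return True only when who, where (app and site) and when all match."""
    start, end = policy.window
    return (certificate == policy.certificate
            and user in policy.users
            and _any_match(policy.app_patterns, process)
            and _any_match(policy.site_patterns, site)
            and start <= at <= end)

# The tutorial's policy: one user, one certificate, ".*" for apps and sites, anytime.
TOTAL_ACCESS = Policy("total access", "my-certificate", {"jane.doe"}, [r".*"], [r".*"])

# Constructed comparison policy: same user and certificate, narrowed scope.
SCOPED = Policy("dgt only", "my-certificate", {"jane.doe"},
                [r"(chrome|msedge)\.exe"], [r"sede\.dgt\.gob\.es"],
                (time(8, 0), time(18, 0)))

# Constructed requests: (user, certificate, process, site, time of day).
REQUESTS = [
    ("jane.doe", "my-certificate", "chrome.exe", "sede.dgt.gob.es", time(10, 30)),
    ("jane.doe", "my-certificate", "powershell.exe", "example.test", time(10, 30)),
    ("jane.doe", "my-certificate", "chrome.exe", "sede.dgt.gob.es", time(23, 0)),
    ("john.roe", "my-certificate", "chrome.exe", "sede.dgt.gob.es", time(10, 30)),
]

def decisions(policy):
    """Evaluate every constructed request against one policy."""
    return [allows(policy, *req) for req in REQUESTS]

if __name__ == "__main__":
    for pol in (TOTAL_ACCESS, SCOPED):
        print(f"{pol.name:13}", decisions(pol))
```

Under these assumptions, the total access policy allows every request from jane.doe regardless of process, site or time, while the scoped policy allows only the browser request to the DGT site during the defined hours.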
Step 4: Use the certificate
Once you have configured the policy, verify that it's being applied correctly. To do that:
- Right-click on the Redtrust agent and then click Connect.
- Log in with the credentials of the user you added in Step 1, in this example jane.doe@<local-domain>.
  Tip: If you don't remember the domain name, you can check it in the admin console under Access > Domain.
- In a new browser window, go to https://sede.dgt.gob.es/en/index.html.
  Warning: Remember to use a browser you have configured, as described in the Installation guide.
- Go to Access to My DGT > eIdentifier.
- In the dialog box, select the certificate you want to use, in this example my-certificate.
- You are now able to see your details. Now that you have used the certificate, you can see the access event in the dashboard and in the Events tab of the admin console.
Summary
In this tutorial you created your first policy, a crucial step in understanding Redtrust's certificate management. Throughout this process, you also learned about the admin console, certificates, and user access.
Next steps
Now that you've verified the installation and configuration, you can:
- Integrate Redtrust with an Identity Provider.
- Learn more about relevant certificates for your use case.