System
Overview
This document provides information about the features and functionalities of the Redtrust platform. It is divided into sections that follow the Redtrust admin console. Each section includes a description of its purpose and configuration options. For related guides and detailed instructions, refer to the linked resources.
Services
The Services section defines the parameters that Redtrust's features need to operate properly.
SMTP
These settings configure how Redtrust sends emails using the Simple Mail Transfer Protocol (SMTP). Alerts and warnings generated by Redtrust are sent through the email account configured in this section.
Setting | Description |
---|---|
Host | IP or hostname of the SMTP server. |
Port | Network port number for server and client communication. |
Username | Username for authentication with the SMTP server. If the From field is not filled, this value must have an email format. This value is not required if the server allows anonymous email sending. |
Password | Password for the specified username. |
From | Optional field to specify the sender's email address displayed in sent messages. Defaults to the username if left blank. |
Name | Optional field to specify the sender name displayed in sent emails. |
Syslog
This section helps you customize the Syslog service to log system events. It enables devices to send log messages to a central server for analysis, monitoring, and troubleshooting.
Settings | Description |
---|---|
Syslog disabled | Enables or disables Syslog exports. |
Using the TCP Protocol instead of UDP | Enables the TCP communication protocol. |
Syslog server | The Syslog server URL. |
Syslog server port | Optional port configuration. |
TLS enabled | Enables TLS for secure communication. |
TLS certificate | TLS certificate of the Syslog server. |
Splunk HEC
These settings configure Redtrust to send event log data to a Splunk server using their event collector framework.
Setting | Description |
---|---|
Splunk logs disabled | Enables or disables sending logs to Splunk. |
Validate service connection certificate disabled | Determines whether Redtrust validates the Splunk server certificate. |
Splunk HEC URL | URL of the Splunk HTTP Event Collector. Example: https://<host>.splunkcloud.com:8088/services/collector/event . To ensure the URL is configured properly, see Splunk documentation. |
Splunk HEC Token | Access token for the Splunk HTTP Event Collector. |
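
The Syslog and Splunk HEC settings above decide whether event logs leave the unit over an authenticated, encrypted channel. The following is an added example, not Redtrust code: it audits a constructed dictionary whose keys mirror the console labels (the dictionary layout, the function name `audit_log_export` and the sample hosts are assumptions) and reports the combinations that weaken log export.

```python
from urllib.parse import urlparse

# Constructed sample: the keys mirror the console labels on this page; the
# dict layout itself is hypothetical (Redtrust exposes these in its admin UI).
SAMPLE = {
    "syslog": {
        "Syslog disabled": False,
        "Using the TCP Protocol instead of UDP": False,
        "TLS enabled": False,
    },
    "splunk": {
        "Splunk logs disabled": False,
        "Validate service connection certificate disabled": True,
        "Splunk HEC URL": "http://splunk.example.internal:8088/services/collector",
        "Splunk HEC Token": "00000000-0000-0000-0000-000000000000",
    },
}

HEC_PATH = "/services/collector/event"  # path shown in the page's example URL


def audit_log_export(cfg):
    """Return a list of findings for the Syslog and Splunk HEC settings."""
    findings = []
    syslog = cfg.get("syslog", {})
    # Assumption: the toggles are phrased negatively, so "... disabled" set
    # to False means the export (or the certificate check) is active.
    if not syslog.get("Syslog disabled", True):
        if not syslog.get("Using the TCP Protocol instead of UDP"):
            findings.append("syslog: UDP transport, delivery is not acknowledged")
        if not syslog.get("TLS enabled"):
            findings.append("syslog: TLS off, events cross the network in cleartext")
    splunk = cfg.get("splunk", {})
    if not splunk.get("Splunk logs disabled", True):
        url = urlparse(splunk.get("Splunk HEC URL", ""))
        if url.scheme != "https":
            findings.append("splunk: HEC URL is not https, token is sent in cleartext")
        if url.path.rstrip("/") != HEC_PATH:
            findings.append("splunk: HEC URL path differs from " + HEC_PATH)
        if splunk.get("Validate service connection certificate disabled"):
            findings.append("splunk: server certificate is not validated")
        if not splunk.get("Splunk HEC Token"):
            findings.append("splunk: HEC token is empty")
    return findings


if __name__ == "__main__":
    for line in audit_log_export(SAMPLE):
        print(line)
```
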
Templates
This section provides you with editable templates for errors and notifications.
NTP server
This section provides the configuration of the Network Time Protocol (NTP) to synchronize device clocks. Specify the server name or IP, test its operation using the Test button, and apply the configuration. You can also set the time zone, which requires a Redtrust service restart.
PSIS Server
This section allows you to configure the Identity and Security Service Provider (PSIS) server to validate certificates in the DSS module. Specify the server name or its IP address, test its functionality using the Test button, and apply the configuration.
High Availability
Redtrust supports two linked units for a High Availability (HA) setup. The primary unit handles customer operations, while the secondary unit takes over during primary unit failures until restoration.
Unit
The Unit section provides information and configuration options for the Redtrust instance.
Information
Detailed information about the Redtrust unit, including version, operating mode, and customer identifier.
Server configuration
Setting | Description |
---|---|
Language | The system is available in Spanish, Catalan, English, and Portuguese. The selected language applies to the Redtrust unit and all system users. |
Log level | Defines the level of detail in system logs (low, medium, or high). The high level is recommended for troubleshooting technical issues during installation and deployment. |
Events purge | Specifies how long certificate use events are retained (six months, one year, one and a half years, two years, two and a half years, or three years). Retention is subject to a 600K event limit to maintain performance. For high activity, consider exporting events periodically or using Syslog. |
Alerts configuration | Controls alert behavior. The first parameter enables alert notifications. If enabled, you can choose whether to include the certificate holder. For alerts to reach the specified email address, SMTP must be configured. |
AD Users cache | Enables or disables user caching on the server. When enabled, Redtrust queries the user source only if the user is not found in the internal cache, reducing query volume, server load, and response time. The cache duration (in minutes) determines how long users remain stored before being refreshed. If enabled, changes at the source may not be immediately reflected in Redtrust. |
Change unit certificate | Installs a new certificate in the system. The certificate can be modified for the Administration console and personal area, Signature service (DSS), Administration service, Preservation service, and RA API. |
Custom client image | Defines the image displayed on the admin console login screen, such as a company logo. |
Metrics configuration | Disables metrics if needed. Metrics can also be downloaded as a CSV file. |
SNMP configuration | Configures the Simple Network Management Protocol (SNMP) to enable external monitoring of the Redtrust server. Specify the community name (used for authentication) and the IP addresses authorized to monitor the server. Optionally, enable or disable SNMP functionality as needed. |
Agents configuration
Configuration | Description |
---|---|
Restrict traffic to the unit only from registered applications | Enables or disables traffic from applications registered in the system. This option ensures that agents do not send usage requests to the unit when cryptographic operations are performed by unregistered applications on the client. |
Remember credentials in agents | Allows agent users to save their credentials in the system so they do not have to enter them at every login. |
Apps certificate usage timeout | |
Store agent certificate information | Defines whether the unit collects the public part of the certificates stored on clients. If disabled, only the certificate hash will be visible. |
Send agent reports | |
License
For information on license updates, please refer to How to update your license.
This section provides information on the status of the license and its expiration, offering the option to change it or install a new one. You can see the status of the unit and the expiration date (if applicable). You can also see the license and have the option to copy it.
Setting section | Description |
---|---|
License status | The expiration date of the license at the top of the license view. By default, the system will notify you when the license is close to its expiration through a series of notifications in the admin console. |
Unit settings and status | Certificate usage: Total number of certificates, the number of certificates used and those available. Active users: Total number of active users, the number of active and available users. Available modules: Redtrust modules included in the current license. |
The system notifies you when the number of active users or certificates allowed by the license is about to exceed the limit. Once this limit has been exceeded, the functions related to certificate management will be deactivated.
Backup
For information on performing a backup, please refer to How to backup Redtrust.
Possible service error responses
Error | Description |
---|---|
ERROR | Only one check allowed every minute. |
ERROR | Backup file missing. |
ERROR | Incorrect backup file length. |
ERROR | Incorrect backup file format. |
ERROR | Incorrect backup version, newer versions than current not allowed. |
ERROR | Backup decryption failed. |
ERROR | Incorrect version format. |
ERROR | Unexpected error. |
Network
This section displays network and port configuration details. You can view and edit all available settings.
Maintenance
Find all information about the agent and system updates in the update documentation and system downgrade how-to guide.
You can restart the Redtrust unit using the Restart and Shut down button.
Agents
Redtrust allows you to monitor which agents are installed in your organization's infrastructure and track their activity. You can see which agents are active, which users connect through each agent, and review activity related to each agent. You can also manage and audit the status of client machines where the Redtrust agent is installed.
Agent updates
Find all information about the agent updates in the update section.
Agent management
This section shows all agents of the current Redtrust instance and allows the user to export the information in CSV format.
- Alias: The unique alias of the agent.
- Filter: Can be enabled to reduce traffic to the server from applications that are not associated with policies, which reduces the number of events that are logged.
- Reports: Can be enabled to configure the agent to send a report that includes information (certificates/thumbprints) of all certificates installed on the machine in the certificate store.
- Machine name: The name of the PC or machine.
- IP: The IP address of the machine where the agent is installed.
- Version: The current version of the agent.
- Type: User or server.
- Certificates: This value is not reported for Redtrust.
- Last user, connection & use of certificates: The last user and the time and date of when they last used a certificate.