Enable CA Spectrum CAC Authentication

After you have configured CA Spectrum CAC Authentication on the OneClick server and have finished setting up security, you can enable it from the CAC Authentication page.
casp1031
After you have configured CA Spectrum CAC Authentication on the OneClick server and have finished setting up security, you can enable it from the CAC Authentication page.
Follow these steps:
  1. Click Administration in the OneClick home page.
    The Administration Pages open.
  2. Click CAC Configuration in the left panel.
    The CAC Configuration page opens.
  3. Click Enable CAC.
    The available configuration options for enabling CAC are displayed.
  4. Enter the keystore password in the keystore password fields.
    If you have not changed the keystore password, it is
    changeit
    .
  5. Select one of the following options in the Revocation System section. These options specify how
    CA Spectrum
    determines whether a CAC has been revoked. Complete the resulting fields:
    • Enable OCSP AIA
      Instructs
      CA Spectrum
      to retrieve the parameters of the OCSP server from the certificate on the Common Access Card from the “AIA extension” of the certificate.
    • Enable OCSP Server
      Specifies that the user must provide a URL to access the OCSP server and a certificate for this server.
    • Enable CRL Directory
      Specifies that a path to the directory that contains CRL files must be specified.
    • Enable CRL URL
      Specifies a list, separated by spaces, of full URLs to the CRL files that are provided by the web server.
    • Enable CRL Distribution Point
      Specifies that
      CA Spectrum
      retrieves the information about the location of the CRL files from the certificate itself.
    The CAC Configuration page changes to display the fields that relate to the option that you selected. For more information, see CAC Configuration Page.
  6. (Optional) If you are using LDAP, select the Enable LDAP check box, and complete the fields as described in CAC Configuration Page.
  7. Click the individual test buttons to test your information.
  8. Click Save to save your selections.
    A full test of your CAC configuration options runs. If the test is successful, the CAC information is saved, and the OneClick server restarts.
    If you are using CRLs, they are loaded immediately after the restart. Depending on the number of CRLs and their size, this process can take several minutes. During this time, attempts to access the server using a web browser do not always provide feedback.
  9. (Optional) Track the progress of the load operation by viewing one of the following logs:
    • $SPECROOT
      /tomcat/logs/catalina.out for Linux
    • $SPECROOT
      /tomcat/logs/stdout.log for Windows