How to use SSL certificates as two-factor authentication

Prerequisites:
- Login certificate in P12 or CRT format;
- Certificate that signed and authorized the login certificates (CA);
- Senhasegura version 3.26;
- Access to SSH (orbit cli) of senhasegura.

Important: This step-by-step guide will enable the use of the certificate for all users. Therefore, if the user does not have the certificate configured in their browser, it will not be possible to authenticate in the tool.

  1. Let’s import the CA to senhasegura. Therefore, use a file transfer client such as WinSCP and send the CA’s .crt to the senhasegura server. After this, access via SSH and run the command:
orbit support auth-cert ca --file=<<<<CA_FILE>>>>
orbit support auth-cert enable
  1. You will need to import your login certificate in your preferred browser. Import it as a personal certificate. If necessary, also import the CA’s .crt as a recognized certification authority.

Approved browsers: Edge, Chrome and Firefox

  1. The last step will be to enable the use of a certificate to log in to the senhasegura interface, to do so, access:
    image

  2. After that, access a new tab and call the senhasegura IP or DNS again.

Notes:

  • The same certificate can only be used by a single user;
  • The same certificate can be installed in different browsers or machines to be accessible by the same user.

Tip:

  • Enable 2FA to further increase the system’s security level!