TOTPRadius - Web Server and LDAPS certificates
The admin panel allows uploading different types of certificates. Navigate to "Web Server and LDAPS certificates" from the left menu
Management interfaceThe management interface of TOTPRadius is web based and is recommended to be accessed via HTTPS protocol (although HTTP is also supported and can be enabled if needed). In addition to the admin panel functionality, the web server is used for server replication (if configured in master/slave mode) and REST Web API (used for web-based integrations such as Citrix StoreFront self-enrollment, WordPress and ADFS plugins). Therefore, it is recommended to generate and apply the proper web server certificate for these interfaces. The appliance comes with a dummy self-signed certificate that is recommended to be replaced with your own. You can use a public certificate or a certificate issued by your internal CA (if the internal CA trust has been added to all your clients).
To update the web certificate files, you need to navigate to Admin Portal -> Web Certificate page and paste the content of the private key and the certificate itself into the corresponding text areas in the Admin panel web certificate section.
A similar procedure is required for updating the certificate of the VPN Portal running on the same appliance but a different port (9443). As this is the interface facing public internet (via 1:Many NAT from 443 to 9443), a commercial web certificate might be needed. You can also place the VPN portal behind a CDN that can provide the SSL certificate as a part of the service (i.e. Cloudflare).
Click on "Update certificates" button to apply the changes. The web server will need to be restarted to complete the process.
LDAPS CA CertificateThe same page allows uploading your CA Root certificates if you decide to use LDAPS protocol to connect to your LDAP servers. You can also use the built-in tool to retrieve the certificate from your LDAPS server.
- Installation and initial configuration
- Network configuration
- Migrating from older versions
- LDAP Configuration
- Azure AD Configuration
- Self-service enrollment portal
- Web and LDAPS Certificates
- Syslog configuration
- Single-factor authentication exceptions
- Slave appliance mode
- Dynamic RADIUS Attributes
Top myths about FIDO2 security keys and Passwordless access
We have been getting quite a lot of questions about the security level of FIDO keys, in the light of some recent news and research papers covering potential vulnerabilities of both the protocol stack itself and the hardware of certain implementations.
molto2.py - Molto2 USB Config tool
molto2.py is a solution developed by Token2 to program and configure the Molto2v2 TOTP hardware tokens using pyscard python library. It works under Linux, macOS and Windows.
Introducing Passwordless Login for Our Website!
At Token2, we are always looking for ways to improve the user experience and make it as convenient and secure as possible. That's why we are excited to announce the addition of a passwordless login option for our website.