Tarantella Administration Guide > Security > How can I add my own flavor of certificate?

How can I add my own flavor of certificate?

By default, the Tarantella Security Pack supports a number of certificate flavors from different Certificate Authorities. You can use a Base 64-encoded X.509 certificate from an unsupported Certificate Authority without extra configuration, but certificates are not validated and users are prompted to accept or decline the certificate. This is a potential security risk.

To permanently add a new certificate flavor and allow certificates to be validated without prompting the user, you must install the appropriate root certificate (or Certificate Authority's certificate) for that Certificate Authority.

On the Tarantella host, type: 

tarantella security customca

Then, paste your root certificate in PEM format to standard input.

Users who log in to Tarantella using a web browser need do nothing. However, users of the Tarantella Native Client must download and install the certificate as well as the Native Client. Instructions for this are shown when they download the Native Client. In brief:

  1. Users click a link on the Native Client download page to download the PEM file containing the root certificate. This link is shown only if a custom root certificate is installed on the host.
  2. Users then copy this file to the directory in which they installed the Native Client. Users of the Native Client for UNIX can specify the location of the file in their Native Client preferences file.
Related topics
  • What certificates does the Tarantella Security Pack support?
  • The tarantella security customca command
  • Obtaining and installing an X.509 certificate
  • User prompts and root certificates