Scan Name: Extentrix Client Certificate Scan.
Description: Scans the client machine and checks whether each certificate in a list is installed on the machine.
Parameters:
· Certificates map: A two-column data set. The first column holds the search text string, that is, the text to be searched for. The second column holds the store string, which names the store where the certificate is kept. The file might contain more than one set of data.
· Searching Method: Defines the method used to check for the certificate. There are two methods:
o Searching by Issuer.
o Searching by Subject.
Scan Output:
· Allow Access: A Boolean output which indicates whether the certificates in the list are installed or not.
True: Indicates that all certificates in the list are installed on the client machine.
False: Indicates that at least one certificate is not installed on the client machine.
· License Status: A string output which indicates whether the scan is licensed or not.
Trial License: Indicates that the scan has a trial license.
Invalid License: Indicates that the scan is expired or doesn’t have a license.
Valid License: Indicates that the scan is licensed.
Note: If the License Status has an Invalid License value, Allow Access will be False.
To install a custom endpoint analysis scan package, follow the steps below:
1. Start Citrix Access Management Console. In the console tree, select the Endpoint Analysis node.
2. Right-click and then select Import scan package from the pop-up menu that shows up.

Note: You have the choice to insert the scan package in a specific scan package group; first select the desired group, then right click and select Import scan package from the pop-up menu that shows up as shown in the following screen shot.

3. A dialog box titled “Select Scan Package File” will appear. Select the (.cab) file which contains the Extentrix Client Certificate Scan.

After you select ExtentrixClientCertificateScan.cab, it will appear in the console pane as shown in the following screen shot.

You can edit, delete or insert a value in a data set. The following steps demonstrate how you can do that:
1. Right-click Endpoint Analysis in the console tree and select Manage Data Set from the pop-up menu that shows up.
2. A window titled “Data Sets” will appear. Select the data set you want to edit, then click the Edit button.
3. A window titled “Edit Data Set” will appear.
4. In this dialog box, you can insert a new value, edit an existing value or remove an unwanted value, then click OK.
You should provide 3 items:
· Search Criteria.
· Search String.
· Store Name.
Searching Criteria
You can check for a certificate using two search methods:
1) By Issuer:
· Issuer exact string: You must provide the exact issuer string (see Important Notes).
· Issuer substring: You can provide a substring from issuer string and put (*) at the end of substring (see Important Notes).
2) By Subject:
· Subject Exact string: You must provide the exact subject string (see Important Notes).
· Subject substring: You can provide a substring from subject string and put (*) at the end of substring (see Important Notes).
The data set might contain more than one set of data (rows). Each row represents the search criteria for one certificate that is searched for on the client. Each row holds two values: the first is the search string, which might be the certificate issuer or the certificate subject; the second is the name of the store where the certificate is located on the client. An example is illustrated below:
1) Search String, which can be:
· Complete Exact String ex (C=GB, O=ViaCode, OU=CA Data, OU=CA1).
· Substring ex (Microsoft*).
2) Store Name, which can be (CA, MY, ROOT, SPC)
· Each user has a MY certificate store which contains his/her personal certificates.
· The ROOT store contains certificates of the most trusted certification authorities.
· The CA store contains less frequently used certification authorities.
· SPC stands for Software Publisher Certificate.
· The Address Book store contains other people's certificates.
Important Notes:
1) If you choose to search by exact matching, either for Issuer or Subject:
· You have to insert the string in a format exactly like this:
C=GB, O=ViaCode, OU=CA Data, OU=CA 1
Note: Make sure that there are no spaces around the equal sign. Add a space after the comma.
· Parts of the exact string are inserted from bottom up:
Ex: if the original string in a certificate is:
OU=CA 1
OU=CA Data
O=ViaCode
C=GB
You should insert it like this:
C=GB, O=ViaCode, OU=CA Data, OU=CA 1
2) If you choose to search by Substring matching either for Issuer or Subject:
· You have to put a (*) just after the substring.
The map file is in .csv format. We use Microsoft Excel to build map files because of its simplicity.
We will demonstrate building the map by example. The figure below shows a screen shot of an area from an Excel sheet where we have entered three values for the map file.

To do the same, follow the steps below:
1. Start Microsoft Excel.
2. In column A row 1 type the search text you want to check for.
3. In column B row 1 type the root of the certificate to be checked for. Repeat the same steps for other values.
4. After typing all of your certificates, select File -> Save.
5. In the Save dialog box, type a name for the map file in the File Name field, and in the Save as Type field make sure the format is CSV (comma delimited).
6. Now you are ready to use the map file in Extentrix Client Certificate Scan.
Note 1: A map file can also be built with other software such as Notepad. If you want to use Notepad, make sure that the values are comma delimited and that the extension of the file is .csv, as shown below.
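The formatting rules from the Important Notes and the map-file steps, as an added example that is not part of the Extentrix documentation: a Python linter that reverses the component list into the bottom-up string, checks each row, and writes the CSV with the comma-containing search string in double quotes, as Excel's CSV export does. The function names and the component pattern are assumptions of this example; the store list is the four names given above.

```python
import csv
import io
import re

# Store names listed on this page for the second column.
STORES = {"CA", "MY", "ROOT", "SPC"}
# Component list as the page's Important Notes show it in the certificate.
PAGE_EXAMPLE = ["OU=CA 1", "OU=CA Data", "O=ViaCode", "C=GB"]
# One "KEY=value" component: no spaces around "=", no comma in the value (assumed pattern).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9.]*=[^\s=,][^=,]*$")

def to_search_string(viewer_lines):
    """Turn the components as listed in the certificate (top to bottom)
    into the bottom-up, comma-plus-space string used for exact matching."""
    parts = [re.sub(r"\s*=\s*", "=", ln.strip(), count=1)
             for ln in viewer_lines if ln.strip()]
    return ", ".join(reversed(parts))

def check_row(search, store):
    """Return a list of problems with one map row (empty list = row is fine)."""
    problems = []
    if store.strip().upper() not in STORES:
        problems.append(f"unknown store {store!r}")
    if search.endswith("*"):
        # Substring search: the (*) goes just after the substring, nowhere else.
        if not search[:-1] or "*" in search[:-1]:
            problems.append("substring must be non-empty text followed by one '*'")
    elif "*" in search:
        problems.append("'*' is only allowed at the end")
    else:
        # Exact search: components separated by ", " with no spaces around "=".
        for part in search.split(", "):
            if not RDN.match(part):
                problems.append(f"bad component {part!r}")
    return problems

def build_map(rows):
    """Validate rows and return CSV text (column A = search text, B = store)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\r\n")
    for search, store in rows:
        problems = check_row(search, store)
        if problems:
            raise ValueError(f"{search!r}: {'; '.join(problems)}")
        writer.writerow([search, store.strip().upper()])
    return out.getvalue()
```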
