
Port/SNI mappings

Email, SMS Messaging and Push Notification Services

For using the directory services PoC, you must configure the to send OTP codes via email (SMTP) or SMS messages to users during enrollment.

  • To use email, use the administration dashboard to enter your email server SMTP parameters into the appliance. Instructions are provided later in this guide.

Using Unique Names

To perform end-to-end testing, you will need a publicly trusted certificate and public DNS records that match the name(s) on your certificate. Choose one of the following:

  • Port Mapping. One unique DNS record with port numbers for different service endpoints. In this case you will use a certificate with one subject name for all endpoints (e.g. vid.domain.com).

  • SNI Mapping. Multiple unique DNS records (SNI mappings) for different service endpoints (e.g. admin-vid.domain.com, fido-vid.domain.com). Use a multi-domain (SAN) certificate with subject alternative names for the different endpoints or a wildcard certificate (*.domain.com).

Based on your decision, obtain a valid, globally recognized SSL certificate for your server. Using a self-signed certificate will require configuring your smartphone to trust the root CA that generated the certificate, so it is generally easier to use a public certificate. Your certificate must be in PEM format and include any Intermediate and Root certificates in the chain as well as the unencrypted private key.

Obtain licenses from your Veridium sales engineer. As licenses are based on the certificate digest, you must have the certificate before Veridium can generate the licenses.
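A pre-flight check for the certificate requirements above, as an added example (not Veridium's code): it confirms that a PEM bundle holds a chain and exactly one unencrypted private key, and that the SAN names cover every endpoint hostname. The function names, the leaf-first ordering and the SHA-256 digest are assumptions; the sample bundles are constructed, and the SAN list is passed in rather than parsed from the certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def check_bundle(pem_text):
    """Return (problems, sha256 hex of the first certificate or None)."""
    certs, key_encrypted, problems = [], [], []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            certs.append(base64.b64decode("".join(body.split())))
        elif label.endswith("PRIVATE KEY"):
            # PKCS#8 marks encryption in the label, legacy PEM in a Proc-Type header.
            key_encrypted.append(label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body)
    if not certs:
        problems.append("no certificate found")
    elif len(certs) < 2:
        problems.append("no intermediate/root certificates in the chain")
    if len(key_encrypted) != 1:
        problems.append("expected exactly one private key")
    elif key_encrypted[0]:
        problems.append("private key is encrypted")
    # Assumption: the leaf comes first and the digest is SHA-256 over its DER bytes.
    digest = hashlib.sha256(certs[0]).hexdigest() if certs else None
    return problems, digest

def covers(san, host):
    """A wildcard SAN replaces exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == san[2:]
    return san == host

def uncovered(sans, endpoints):
    """Endpoint names that no SAN entry on the certificate matches."""
    return [h for h in endpoints if not any(covers(s, h) for s in sans)]

# Constructed sample: placeholder base64 bodies, not real certificates or keys.
def pem(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

GOOD = pem("CERTIFICATE", "TEVBRg==") + pem("CERTIFICATE", "Q0E=") + pem("PRIVATE KEY", "S0VZ")
BAD = pem("CERTIFICATE", "TEVBRg==") + pem("ENCRYPTED PRIVATE KEY", "S0VZ")

if __name__ == "__main__":
    print(check_bundle(GOOD), check_bundle(BAD)[0])
    print(uncovered(["*.domain.com"], ["admin-vid.domain.com", "domain.com"]))
```

A wildcard such as *.domain.com does not cover the bare domain or names more than one label deep, so list those endpoints explicitly in a SAN certificate.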

In the table below, the first URL is used for SNI service mapping and the second URL is used for port service mapping, depending on your configuration. Typically you would choose either the SNI or the port-based approach, not both. (Examples are shown for an environment name of poc and a domain of poc.veridium.com; substitute your values as appropriate.)

| Service | Source | Destination | Port | Notes |
|---|---|---|---|---|
| Veridium Mobile Clients, Veridium Windows Clients, SAML Auth requests | Internet / Internal Network | VeridiumID Server | 443, 8544, 8944, 8844, 11443, 9444 | If using SNI based configuration only port 443 is required. |
| iOS Push Notifications | VeridiumID Server | 17.0.0.0/8 | 443 | https://support.apple.com/en-gb/HT203609 |
| Android / Firebase push notifications | VeridiumID Server | Google ASN 15169 | 228, 443, 5229, 5230 | https://ipinfo.io/AS15169 |
| DNS | VeridiumID Server | DNS Server | 53 UDP | - |
| NTP | VeridiumID Server | NTP Server | 123 UDP | - |
| LDAP | VeridiumID Server | Domain Controller / LDAP | Domain Bind: 389, Domain Bind SSL: 636, GC Bind: 3268, GC Bind SSL: 3269 | - |
| Windows Client Biometric Certificate enrollment | Windows Clients | VeridiumID RA/EP Server | 443, 80 | Full config for RA/EP Server detailed in VeridiumID Active Directory Configuration |
| VeridiumID Certificate requests | VeridiumID RA/EP server | ADCS | 443 | Full config for RA/EP Server detailed in VeridiumID Active Directory Configuration |
