Managing Authorization Group Restrictions

Before you manage certificate-based restrictions on a topic authorization group, the Certificate Authority (CA) used to sign client certificates, or the certificate for an individual client, must be imported into ePO.

If you have not imported a Certificate Authority (CA) or certificate, follow the steps outlined in the ePO Certificate Authority (CA) Import section. Likewise, if you have not created a topic authorization group, follow the steps in the Authorization Group Creation section.

The following steps restrict which Certificate Authorities (CAs) and/or certificates a client must present to send and receive messages for a topic authorization group:

  1. Navigate to Server Settings and select the Topic Authorization setting on the left navigation bar.

    _images/addcertbasedauth1.png
  2. Click the Edit button in the lower right corner (as shown in the image above)

    _images/addcertbasedauth2.png
  3. Select the check box next to a Topic Authorization Group (as shown in the image above)

    _images/addcertbasedauth3.png
  4. Click the Actions button and select Restrict Receive Certificates to select certificates allowed to receive messages on the topics associated with the selected Topic Authorization Group (as shown in the image above)

    _images/addcertbasedauth4.png
  5. Select the check box next to any certificate to indicate that only clients with the selected certs or child certs will be allowed to receive messages on the topics associated with the selected Topic Authorization Group

    _images/addcertbasedauth5.png
  6. Click the OK button in the lower right corner (as shown in the image above)

    _images/addcertbasedauth6.png
  7. Select the check box next to a Topic Authorization Group (as shown in the image above)

  8. Click the Actions button and select Restrict Send Certificates to select certificates allowed to send messages on the topics associated with the selected Topic Authorization Group

    _images/addcertbasedauth7.png
  9. Select the check box next to any certificate to indicate that only clients with the selected certs or child certs will be allowed to send messages on the topics associated with the selected Topic Authorization Group

    _images/addcertbasedauth8.png
  10. Click the OK button in the lower right corner (as shown in the image above)

    _images/addcertbasedauth9.png
  11. Click the Save button in the lower right corner (as shown in the image above)

    _images/addcertbasedauth10.png

The Topic Authorization information will propagate to the brokers. This process can take several minutes to complete.
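
A local pre-check for the "selected certs or child certs" rule in steps 5 and 9, added here as an example that is not part of the original documentation or the product's own tooling: it uses `openssl verify` to confirm that a client certificate chains to the CA you intend to select, so a restriction does not cut off a client you meant to allow. The CAs, client certificates, names and temporary paths are constructed throwaway values, and the broker's own chain evaluation is not reproduced here.

```sh
#!/bin/sh
# Pre-check before restricting a Topic Authorization Group: does a client
# certificate chain to the CA you are about to select? Every certificate,
# name and path below is constructed locally for illustration.

# cert_is_child CA_PEM CERT_PEM -> exit 0 if CERT_PEM validates under CA_PEM
cert_is_child() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: throwaway self-signed CA (DIR/NAME.pem and DIR/NAME.key)
make_ca() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed $2
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client DIR CA_NAME CLIENT_NAME: client certificate signed by that CA
make_client() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
        -subj "/CN=Constructed $3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# demo: report which constructed clients would satisfy a group-ca restriction
demo() {
    d=$(mktemp -d)
    make_ca "$d" group-ca && make_ca "$d" other-ca
    make_client "$d" group-ca client-a
    make_client "$d" other-ca client-b
    for c in client-a client-b; do
        if cert_is_child "$d/group-ca.pem" "$d/$c.pem"
        then echo "$c: chains to group-ca"
        else echo "$c: does NOT chain to group-ca"; fi
    done
    rm -rf "$d"
}
demo
```

Against real files, call `cert_is_child` with the exported CA certificate and each client certificate in PEM form before saving the restriction.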