Enforce Certificate Authentication

It is possible to enable x509_enforcing parameter in order to authorize only certificate authentication.

This means local accounts will no longer be able to connect on Stream.
When logging in using an X509 certificate, there is no logout option, meaning that the only way to log out is to change the presented certificate in your browser, or to switch to private browsing.

Using Stream configuration utility

Connect to the server with an account with administrative privileges;

Start the Stream configuration utility by running:

# /opt/stream/sbin/stream-config

In the main menu, select 'Stream':

Main Config Menu

In the Stream menu, select 'STREAM_ENFORCE_X509':

Stream Config Menu

In the X509 Authentication Enforcing menu, select 'ENABLE':

X509 Enforcing Config Menu

For the changes to take effect, you must restart the Stream service by running:

# systemctl restart stream

X509 Authentication is now enforced.

Re-enable local authentication

This should be done in a confined and secure environment.

If you lose all available authentication certificates to Stream and want to re-gain access to the administration console, please follow these steps:

Connect to the server with an account with administrative privileges;

Start the Stream configuration utility by running:

# /opt/stream/sbin/stream-config
Main Config Menu

In the Stream menu, select 'STREAM_ENFORCE_X509':

Stream Config Menu

In the X509 Authentication Enforcing menu, select 'DISABLE':

X509 Enforcing Config Menu

For the changes to take effect, you must restart the Stream service by running:

# systemctl restart stream

Now that the X509 enforcing is disabled, you can log in with the initial administrator account that was created during the bootstrap of the product. If you lost access to that account as well, or if you deleted it, please contact the EVERTRUST support.