VRK Certificates

VRK Certificates provide an ideal authentication method for securely access of information. The security based certificates are stored on the device and extracted on device registration and post repair once VHQ agent is uploaded. The security based certificates consist of two components: the private key that is stored on the device, and the public key that is installed on the server.

VHQ Server requests for VRK Certificate on every registration (or re-registration) and stores it per device in the VHQ database. For devices that are already registered in VHQ server, and the VRK Cert of device is not stored in the VHQ database for a given device, the VHQ server collects the VRK Cert from the device during the next maintenance window.

VRK certificate is collected from the device on KEM and once every 24 hours during the maintenance window.

NOTE:

1. If a RSA public certificate does not exist for a specific device in VHQ server, then VHQ GUI indicates that VRK certificate has not been collected from the device.

2. The latest VRK Certificate, if present, is displayed.

Exporting Multiple Device Certificates from Device Search

You can export VRK certificate of multiple devices into a single compressed file (.zip), and specify the name of the zip file. The selection of devices for which the VRK Cert is exported, based on the VHQ search features of quick search, advanced search and column filtering in the VHQ search screen.

To export VRK Certificates:

1. Select one or more devices for which the VRK Certificate should be exported to a zip file. Even if a single device is selected, the exported file should be in the .zip format.
2. Go to Actions > Export VRK Certificate. This option is available only if VHQ license for Diagnostics is enabled.
3. Enter the ZIP Name and then click Save. The request to export data is submitted to VHQ server and the VRK certificate can be downloaded.

   The request to export data is submitted to VHQ server and the VRK certificate can be downloaded from the Export tab of Import/Export under the Device Management tab. You must specify the locations for the file to be downloaded. The file is in the form of spreadsheet.

NOTE:

• The exported zip file should have VRK Cert (.crt) files for all the selected devices. Each VRK Certificate file within the ZIP file must be named as “{terminal serial number}_vrk.crt”. Separate zip files with different names should be created that contain the VRK Certs for the Vx devices and Mx (V/OS) devices.
• Since the VRK Cert information may NOT available in the VHQ server for some of the selected devices, the export wizard indicates that the created zip file will only include the VRK Cert from the devices for which this information is available. The export log file should clearly indicate the devices for which the VRK Cert information is NOT exported and NOT included in the zip file.