Internal - 2FA and Passwords - Process Example with DBA and template to use

We get 2 reports from DBA regularly on expiring 2FA and passwords.
Passwords are every 90 days, so we push as many customers as we could to the 2fa solution and CCM SEs set them up with it automatically. 2FA last a year.

NOTE: Etrade has accounts on both hard and cert-manager
Incommon and Eurpoean Space have two accounts as well
IHG also has 2 accounts, one under six hotels and one under intercontinental
State of Oregon is on their own instance, password updated 7/21/2016
Dignity Health = Catholic Healthcare

Accounts that are associated with comodocertificatemanagerdemo on Production
URI Location
SSLSupport BOTH ( and
entsales2 enterprise (
docs enterprise (
qa enterprise (
AusCERTold (
demostateca (
entsales (

How To add a Client Certificate to a CCM Account

Request Authentication Certificate – used in place of loginName &
loginPassword authentication

Note: loginPassword no longer needs to be synchronized every
90 days (as per SASP rules) but rather the certificates need to be
swapped out prior to their expiration. Auth certs are often valid
for a period of 3 years.

1. Log in to CCM Super Admin (e.g. https://CCM-Server-instance/admin ; )

2. Locate and select the company's account in the Customer tab.

3. Click Edit, scroll to authentication button, click Authentication, then

Click Add

Enabling Authentication Certificate on SASP

1. Select the certificate created above, and click View

2. Record the order number and locate it within OMS.

3. Locate the Certificate ID for the order number above and record it.

4. Compose an email

* To: [email protected]
* CC: [email protected]; Nicole Wayland; Tarek;Salvatore Gagliano
* Suggested Email Subject: [CCM] 2FA cert for XXX-Customer's-Company-Name-Here-XXX

NOTE: Only one customer per email!

5. Fill in the template below with the information you now have access to and use it as the body of the email:

DBA, Please enable the following 2FA cert ID on our customer’s account:

Thank you,
For Support Use Only:

This is just a reminder when resetting ccm passwords you must make sure to sync the password in CCM as well.
Step 1 = SASP Manual Reset = Username “password”
Step 2 = Login as user > change password “default is username” then select 1 or all 3 of the generated passwords
Step 3 = paste this password in notepad to make sure you are not coping white spaces
Step 4 = paste into sasp change password field and click apply changes
Step 5 = login to ccm > click on company > click edit > click authentication > copy and paste generated password from notepad
Step 6 = Click ok
Step 7 = Click ok AGAIN… If you click cancel the passwords will not sync.

From: Earle A Long <[email protected]>
Date: June 1, 2018 at 9:54:59 PM EDT
To: 'Oronde Beazer' <[email protected]>, <[email protected]>
Cc: 'SSLsupportUS' <[email protected]>
Subject: RE: [2FA] CN=ABB/CON-CISE Optical Group LLC
Hi Oronde, Done.

Earle A Long
Production DBA
Email: [email protected]
Office: +44 1274 730505
Mobile: +44 7774 280717

This message and any files associated with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender by reply email, disregard the foregoing messages, and delete it immediately.

From: Oronde Beazer [mailto:[email protected]]
Sent: 01 June 2018 18:23
To: [email protected]
Cc: SSLsupportUS ([email protected]) <[email protected]>
Subject: [2FA] CN=ABB/CON-CISE Optical Group LLC


Please enable for 2FA for: CN=ABB/CON-CISE Optical Group LLC
Certificate ID: 7840114402
Customer's Account Number: 6899674758

== For Support Use ==
CCM Instance:
Order #: 145061817
Account Name: ABBOpticalCCM
Thank you,