Chapter 9: Administration Features141CC-SG Authentication FallbackCC-SG has a fall-back authentication mechanism. CC-SG maintains anordered list of authentication methods and if one authentication methodfails CC-SG tries authentication with the next mechanism in the list.For the best results with CC-SG integration, make sure users have thesame access privileges in each authentication server that may be used.Trusted CertificatesYou must install trusted certificates on the User Station in thesescenarios:• A valid CA certificate is required to establish the LDAP connection.Then you must:a. Consult your LDAP server administrator to get the CA certificatefile.b. Install this CA certificate onto the User Station.• When FIPS mode is enabled, all encrypted connections to KX III KVMswitches are processed using the FIPS accredited cryptographiccode and the authenticity of those KVM switches is checked via theircertificate chain. When Check KX Device Certificate is enabled,authenticity of KVM switches is checked via their certificate chain.You must install the trusted device- or root-certificate of each KX IIIKVM switch on the User Station, or the connection to the KVMswitches fails.• When CC-SG integration in enabled, and FIPS mode or Check KXDevice Certificate is enabled as well, you must install the CC-SGcertificate. Also, if the CC-SG and the KX3s managed by the CC-SGhave certificates signed by different CAs, then the certificates fromboth the CC-SG and the KX3 devices should be added to the KX UserStation , or the connection fails. A connection error messageappears. SeeCertificate Failure Messages (on page 143). Note thatCC-SG supports 512 bit key size certificates, but certificates usingRSA or DSA algorithm with key-sizes smaller than 1024 bit are notaccepted by Dominion User Station.For more details about creating certificates that are accepted, seeCertificate Requirements (on page 208).To install the CA or KX III certificate(s) on the User Station:1. Plug a USB drive containing the appropriate certificate file into theUser Station.