CA Certificates trust anchor management in the latest LoginTC RADIUS Connector
August 11, 2025 •
The latest LoginTC RADIUS Connector update introduces more flexibility in managing the CA certificate trust anchors used in protocols that use TLS for secure communications. This follows up on enhancements to the IP address blocking and support snapshot features in our previous update.
Keep reading to learn all about the latest update.
Prefer to watch a video? Check out our feature overview video for the RADIUS Connector 4.1.8 update
What are Certificates?
Certificates are digital files that contain a public cryptographic key and identity information used to establish secure, encrypted communications, typically via protocols like TLS. They are issued by Certificate Authorities (CAs), which cryptographically sign the certificate to verify the identity of the holder. This signature allows clients to validate the certificate’s authenticity and trustworthiness.
Certificates play a critical role in preventing man-in-the-middle attacks by ensuring that systems are communicating with verified and trusted endpoints.
Where are Certificates used in the LoginTC RADIUS Connector?
Certificates are used in the LoginTC RADIUS Connector to establish secure, encrypted connections with external services. Specifically, they’re required when connecting to LDAP directories over LDAPS, ensuring that directory credentials and queries are transmitted securely.
Certificates are also used when the RADIUS Connector communicates with the LoginTC API host (e.g., cloud.logintc.com) over HTTPS, verifying the identity of the API server and encrypting all data exchanged between the connector and the LoginTC cloud platform, or a LoginTC Managed on-premises deployment. In both cases, certificates are essential for maintaining the confidentiality and integrity of authentication traffic.
Adding CA Certificates to LoginTC Managed
What are the Certificate updates in the LoginTC RADIUS Connector?
Version 4.1.8 of the LoginTC RADIUS Connector introduces enhanced certificate management capabilities, giving administrators greater visibility and control over TLS trust settings. Most notably, administrators can now explicitly manage the Certificate Authority (CA) certificates used in the PKIX trust model, allowing fine-grained control over which CAs are trusted for establishing secure TLS connections.
This includes the ability to define which CA certificates are trusted when connecting to the LoginTC API Host over HTTPS, enabling tighter security policies and easier compliance with organizational trust requirements.
Additionally, this release introduces a more modular and reusable certificate management framework that lays the groundwork for a unified approach to configuring TLS trust across all current and future certificate-related scenarios within the connector.
How to use the new Certificate features work
From the new HTTPS CA Certificates page, administrators can now add and remove, and view details about trusted CA certificates.
This includes the default system CA certificates, and any additional CA certificates you wish to use as trust anchors.
Administrators can also specify which CA certificates are used as trust anchors when connecting to LDAP directories. When configuring new user directories or editing existing user directories, administrators can specify default system certificates, or custom, internal, CA certificates.
With these new enhancements to the CA certificates trust anchor management, administrators can achieve better control and visibility over critical security functions.
Next steps
Administrators using the LoginTC RADIUS Connector are encouraged to upgrade to version 4.1.8 to take advantage of the new certificate management features and enhanced security controls.
For organizations looking for a comprehensive, flexible MFA solution for their infrastructure, reach out to us to learn how LoginTC can help.