Is that possible to verify client certificatie when SSL VPN connects?

muratahk — Wed, 11 May 2011 00:33:22 GMT

I found there is a Client Certificate Profile Option, but I search around seems no Document or Manual description how to use it.

Can anyone help?

Re: Is that possible to verify client certificatie when SSL VPN connects?

mfe — Tue, 24 May 2011 22:05:13 GMT

I want to use client certificates for SSL VPN authentication too. Does anybody knows how to configure it?

Re: Is that possible to verify client certificatie when SSL VPN connects?

bpappas — Thu, 09 Jun 2011 22:39:16 GMT

Here is an outline of what needs to be done:

1. on your Windows CA create client certificates

2. install the client certificates in each user's browser (one cert per user)

3. import the root CA from Windows on the PAN device under the Client CA Cert (device tab -> certificates -> client CA Cert)

4. create a client certificate profile

a. select the username field

b. under CA cert select the one that you imported to the PAN in step 3 and then click add

c. check "use CRL"

d. click "OK"

note: if you bought your client certs then you would want to check the OCSP checkbox

5. in your SSL VPN profile select the Client Certificate profile that you created in step 4 then click OK

6. commit

At this point when a user logs into the SSL VPN portal they should be asked to select the client certificate that they wish to use. This should be in their browser and available for them to select.

note: make sure the management interface of the PAN device can access TCP:443 of the CRL server (or the internet if checking against a commercial CA).

topic Is that possible to verify client certificatie when SSL VPN connects? in General Topics

Is that possible to verify client certificatie when SSL VPN connects?

Re: Is that possible to verify client certificatie when SSL VPN connects?

Re: Is that possible to verify client certificatie when SSL VPN connects?