Is it possible to verify the client certificate when SSL VPN connects?


I found there is a Client Certificate Profile option, but I searched around and there seems to be no document or manual describing how to use it.

Can anyone help?

Accepted Solutions

L6 Presenter

Here is an outline of what needs to be done:

1. on your Windows CA create client certificates

2. install the client certificates in each user's browser (one cert per user)

3. import the root CA from Windows on the PAN device under the Client CA Cert (device tab -> certificates -> client CA Cert)

4. create a client certificate profile

    a. select the username field

    b. under CA cert select the one that you imported to the PAN in step 3 and then click add

    c. check "use CRL"

    d. click "OK"

note: if you bought your client certs then you would want to check the OCSP checkbox

5. in your SSL VPN profile select the Client Certificate profile that you created in step 4 then click OK

6. commit

At this point when a user logs into the SSL VPN portal they should be asked to select the client certificate that they wish to use. This should be in their browser and available for them to select.

note: make sure the management interface of the PAN device can access TCP:443 of the CRL server (or the internet if checking against a commercial CA).
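
The checks that steps 3 and 4 configure (chain to the imported CA, a username taken from the certificate, CRL checking), reproduced offline with OpenSSL as an added example that is not part of the original post and is not PAN-OS configuration. The lab CA, the file names and the user "jdoe" are constructed, and reading the username from the Subject CN is an assumption.

```shell
# Added example: throwaway lab CA; directory layout and the CN "jdoe" are constructed.
make_lab_pki() {  # $1 = empty working directory
  mkdir -p "$1/newcerts"; : > "$1/index.txt"; echo 01 > "$1/serial"
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = lab
[lab]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
certificate = $1/ca.crt
private_key = $1/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
[client_ext]
extendedKeyUsage = clientAuth
EOF
  { openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Root CA" -keyout "$1/ca.key" -out "$1/ca.crt" &&
    openssl req -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=jdoe" -keyout "$1/user.key" -out "$1/user.csr" &&
    openssl ca -batch -config "$1/ca.cnf" -extensions client_ext -in "$1/user.csr" -out "$1/user.crt" &&
    openssl ca -config "$1/ca.cnf" -gencrl -out "$1/ca.crl"; } >/dev/null 2>&1
}
# Step 4a, assuming the username field is the Subject CN.
username_field() {
  openssl x509 -in "$1/user.crt" -noout -subject -nameopt multiline | sed -n 's/^ *commonName *= //p'
}
# Steps 3 and 4b-4c: the chain must end at the imported CA and the serial must not be on the CRL.
check_client_cert() {
  if openssl verify -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" -crl_check -purpose sslclient \
       "$1/user.crt" 2>&1 | grep -q ': OK$'
  then echo ACCEPT; else echo REJECT; fi
}
revoke_client_cert() {  # revoke on the CA, then publish a fresh CRL
  { openssl ca -config "$1/ca.cnf" -revoke "$1/user.crt" &&
    openssl ca -config "$1/ca.cnf" -gencrl -out "$1/ca.crl"; } >/dev/null 2>&1
}
d=$(mktemp -d) && make_lab_pki "$d" && echo "$(username_field "$d") before: $(check_client_cert "$d")"
revoke_client_cert "$d" && echo "$(username_field "$d") after revocation: $(check_client_cert "$d")"; rm -rf "$d"
```

The same certificate flips from ACCEPT to REJECT only because a newer CRL lists its serial, which is why the validating device needs a current copy of the CRL.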


L0 Member

I want to use client certificates for SSL VPN authentication too. Does anybody know how to configure it?

