How to solve the Administrator Certificate-Based Authentication with issue of Redirection to prompt the username and password

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to solve the Administrator Certificate-Based Authentication with issue of Redirection to prompt the username and password

L2 Linker

The Certificate-Based Authentication for administrators to access the firewall through the web interface transparently authenticates the admin with a client certificate instead of prompting and entering manually the username and password.

 

The Client Certificate must be generated and signed either by the built-in CA of the Firewall or an Enterprise CA. The Common Name that you enter in the CSR should be the username of the Admin and the same username should be also created in the firewall as non-local database account with the option "Use only client certificate authentication (Web)" checked.

 

6.png

 

The Certificate Profile that defines which CA's certificate the firewall will use to verify the Client Certificate. This certificate profile contains the option "Username Field", In this field you need to select the option "Subject" to instruct the firewall to use the Common Name defined in the client certificate as the username when authenticating through the Web Interface.

 

Without specifiying the Username Field in the Certificate Profile, the Admin will be redirected to enter a username and password as shown below because the firewall  is unable to find which field in the client certificate it must use to authenticate the adming, and this is not the goal of using Administrator Certificate-Based Authentication.

 

3.png

 

1.png

 

2.png

 

To fix this, specify the Username Field to be the Common Name or the Subject Alternative Name.

 

4.png

 

5.png

 

1 REPLY 1

L0 Member

Is there any option to customize a response page for admins who does not have certificates, 
we are getting error 400 bad request, we are expecting response like access denied 

  • 1037 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!