05-10-2011 05:33 PM
I found there is a Client Certificate Profile option, but I searched around and there seems to be no document or manual describing how to use it.
Can anyone help?
05-24-2011 03:05 PM
I want to use client certificates for SSL VPN authentication too. Does anybody know how to configure it?
06-09-2011 03:39 PM
Here is an outline of what needs to be done:
1. on your Windows CA create client certificates
2. install the client certificates in each user's browser (one cert per user)
3. import the root CA from Windows on the PAN device under the Client CA Cert (device tab -> certificates -> client CA Cert)
4. create a client certificate profile
   a. select the username field
   b. under CA cert select the one that you imported to the PAN in step 3 and then click add
   c. check "use CRL"
   d. click "OK"
   note: if you bought your client certs then you would want to check the OCSP checkbox
5. in your SSL VPN profile select the Client Certificate profile that you created in step 4 then click OK
6. commit
At this point when a user logs into the SSL VPN portal they should be asked to select the client certificate that they wish to use. This should be in their browser and available for them to select.
note: make sure the management interface of the PAN device can access TCP:443 of the CRL server (or the internet if checking against a commercial CA).
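To see what the "use CRL" option in step 4c adds beyond trusting the imported root CA, here is an added example that is not part of the original reply and is not PAN-OS configuration. It assumes the `openssl` CLI and uses a constructed throwaway CA in place of the Windows CA; the subjects, file names and function names are made up for the demonstration.

```shell
# Constructed lab PKI: every subject, file name and lifetime below is made up.
# Compares chain-only validation with chain + CRL validation of a client cert.
make_lab_pki() {   # $1 = empty dir; builds a root CA, one client cert, an empty CRL
  mkdir -p "$1/newcerts"; : > "$1/index.txt"; echo 01 > "$1/serial"
  cat > "$1/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = lab
[ lab ]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
certificate = $1/ca.pem
private_key = $1/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[ any ]
commonName = supplied
EOF
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Lab Root CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=alice" \
    -keyout "$1/alice.key" -out "$1/alice.csr" 2>/dev/null
  openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/alice.csr" -out "$1/alice.pem" 2>/dev/null
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}
revoke_client() {  # revoke alice's certificate and publish a fresh CRL
  openssl ca -config "$1/ca.cnf" -revoke "$1/alice.pem" 2>/dev/null
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}
check_chain() {      # certificate chains to the trusted root; revocation not checked
  openssl verify -CAfile "$1/ca.pem" "$1/alice.pem" >/dev/null 2>&1 && echo accept || echo reject
}
check_chain_crl() {  # certificate chains to the trusted root AND is not listed in the CRL
  openssl verify -crl_check -CAfile "$1/ca.pem" -CRLfile "$1/crl.pem" "$1/alice.pem" \
    >/dev/null 2>&1 && echo accept || echo reject
}

lab=$(mktemp -d); make_lab_pki "$lab"
echo "issued : chain=$(check_chain "$lab") chain+CRL=$(check_chain_crl "$lab")"
revoke_client "$lab"
echo "revoked: chain=$(check_chain "$lab") chain+CRL=$(check_chain_crl "$lab")"
rm -rf "$lab"
```

After revocation the certificate still chains to the trusted root, so only the CRL-aware check refuses it; a verifier that cannot fetch a current CRL has no way to learn about the revocation.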