Using Certificate-based authentication profiles

You can control how clients are authenticated using third-party configuration properties in certificate-based authentication profiles.

About this task

To configure a SafeLinx Server to connect using certificate-based authentication, or a combination of methods, create one or more authentication profiles, then assign them to a connection profile or HTTP access service.

Procedure

  1. Click the Resources tab.
  2. Right-click the OU in which you want to create an authentication profile.
  3. Create an authentication profile. Select Add Resource > Authentication profile > Certificate-based.
  4. Specify a descriptive name for the profile.
  5. Determine how you want to verify the client certificate authenticity. Check any or all of the following:
    • Verify validity period, to check that the date is within a valid range
    • Verify the trust relationship with the user through the Certificate Authority (CA) certificates stored in a key database. Additionally, verify that the CA has not revoked the certificate, as listed in certificate revocation lists (CRLs).
    • Verify portions of the certificate subject key against portions of the user record as stored in the SafeLinx Server directory server service (DSS). You form a rule in which you specify which attributes to try to match.
    Note:
    1. Only connection profiles can use certificate-based authentication profiles.
    2. Only SafeLinx Clients using Windows, Windows CE, or the Linux operating system can use certificate-based authentication.
  6. Assign the authentication profile to the resource that uses it.

    Edit the properties of a connection profile. Click the Security tab, then select the Secondary authentication profile desired.

    When all verifications that are configured pass, the SafeLinx Server finalizes the SafeLinx Client login.
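
The three verifications from step 5, and the rule that login is finalized only when every configured one passes, modelled as an added Python example (not SafeLinx code). It works on already-parsed certificate fields and does not verify signatures; the rule format, field names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class ClientCert:
    """Fields as read from an already-parsed X.509 client certificate."""
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

def parse_dn(dn):
    """Split a simple DN into {ATTR: value}. Escaped commas are not handled."""
    pairs = (rdn.split("=", 1) for rdn in dn.split(",") if "=" in rdn)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def check_validity(cert, now):
    return cert.not_before <= now <= cert.not_after

def check_trust(cert, trusted_issuers, crls):
    # Stand-in for chain validation: signature verification is not modelled.
    return cert.issuer in trusted_issuers and cert.serial not in crls.get(cert.issuer, set())

def check_subject(cert, user_record, rule):
    # rule (hypothetical format): subject attribute -> directory attribute it must equal.
    subject = parse_dn(cert.subject)
    return all(
        attr in subject and field in user_record
        and subject[attr].casefold() == user_record[field].casefold()
        for attr, field in rule.items()
    )

def authenticate(cert, user_record, enabled, *, now, trusted_issuers, crls, rule):
    """Run only the enabled checks; return (login_allowed, names_of_failed_checks)."""
    checks = {
        "validity": lambda: check_validity(cert, now),
        "trust": lambda: check_trust(cert, trusted_issuers, crls),
        "subject": lambda: check_subject(cert, user_record, rule),
    }
    failed = [name for name in enabled if not checks[name]()]
    return (not failed, failed)

# Constructed sample data, not taken from any real deployment.
UTC = timezone.utc
CA = "CN=Example Issuing CA,O=Example"
CERT = ClientCert("CN=jdoe,OU=Sales,O=Example", CA, 0x1001,
                  datetime(2024, 1, 1, tzinfo=UTC), datetime(2025, 1, 1, tzinfo=UTC))
USER = {"uid": "jdoe", "ou": "Sales"}
RULE = {"CN": "uid", "OU": "ou"}
ALL_CHECKS = ("validity", "trust", "subject")
```

With only `validity` enabled, a certificate whose serial is on the CRL still passes, so the verifications selected in step 5 determine what the profile actually enforces.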