Using Certificate-based authentication profiles
You can control how clients are authenticated using third-party configuration properties in certificate-based authentication profiles.
About this task
To configure a SafeLinx Server to connect using certificate-based, or a combination of methods, create an authentication profile or profiles, then assign them to a connection profile or HTTP access service.
Procedure
- Click the Resources tab.
- Right-click the OU in which you want to create an authentication profile.
- Create an authentication profile. Select .
- Specify a descriptive name of the profile.
- Determine how you want to verify the client certificate
authenticity. Check any of all of the following:
- Verify validity period, to check that the date is within a valid range
- Verify the trust relationship with the user through the Certificate Authority (CA) certificates stores in a key database. Additionally, verify that the CA has not revoked certifications as listed in certificate revocation lists (CRLs).
- Verify portions of the certificate subject key against portions of the user record as stored in the SafeLinx Server directory server service (DSS). You form a rule in which you specify which attributes should be attempted for a match.
Note:- Only connection profiles can use certificate-based authentication profiles.
- Only SafeLinx Clients using Windows, Windows CE, or the Linux operating system can use certificate-based authentication.
- Assign the authentication profile to the resource that
uses it.
Edit the properties of a connection profile. Click the Security tab, then select the Secondary authentication profile desired.
When all verifications that are configured pass, the SafeLinx Server finalizes the SafeLinx Client login.