Applies To:
- 15.0.1, 15.0.0
Client Certificate Inspection
About client certificate inspection
Task summary for client certificate inspection
Creating a client SSL profile for certificate inspection
- On the Main tab, click. The Client SSL profile list screen opens.
- Click Create. The New Server SSL Profile screen opens.
- In the Name field, type a unique name for the profile.
- From the Parent Profile list, select clientssl. The default settings for the profile specify a 10-second SSL handshake timeout. Some users with smart cards cannot authenticate within that time. You can increase the timeout if this is the case at your site.
- From the Configuration list, select Advanced.
- If you have VMware View clients on Mac OS X, disable TLS 1.2 in the Options List area:
  - In the Available Options list, select No TLS 1.2.
- If you change the values for the Cache Size or the Cache Timeout setting, do not specify a value of zero (0) for either setting. When these values are 0, the client must supply a PIN on each browser page refresh.
- Scroll down to Handshake Timeout and select the Custom check box. Additional settings become available.
- To limit the timeout to a number of seconds, select Specify from the list, and type the required number in the seconds field. In the list, the value Indefinite specifies that the system continue trying to establish a connection for an unlimited time. If you select Indefinite, the seconds field is no longer available.
- Scroll down to the Client Authentication area.
- Next to Client Authentication, select the Custom check box. The settings become available.
- From the Client Certificate list, select request. Do not select require.
- From the Trusted Certificate Authorities and Advertised Certificate Authorities lists, select the certificates you imported previously.
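
The following added example (not F5 code or part of the original procedure) audits Client SSL profile stanzas against the settings the steps above call for. The tmsh-style property names (peer-cert-mode, ca-file, client-cert-ca, cache-size, cache-timeout, handshake-timeout), the value "indefinite", and the sample profiles are assumptions constructed for illustration.

```python
import re

# Constructed sample styled after `tmsh list ltm profile client-ssl` output.
# Property names are assumed tmsh equivalents of the GUI settings in the steps.
SAMPLE = """\
ltm profile client-ssl cert_inspect_ok {
    ca-file corp-ca.crt
    client-cert-ca corp-ca.crt
    peer-cert-mode request
    handshake-timeout 60
    cache-size 262144
    cache-timeout 3600
}
ltm profile client-ssl cert_inspect_bad {
    peer-cert-mode require
    handshake-timeout 10
    cache-size 0
    cache-timeout 3600
}
"""

def parse_profiles(text):
    """Return {profile_name: {property: value}} for flat key/value stanzas."""
    stanzas = re.findall(r"ltm profile client-ssl (\S+) \{\n(.*?)\n\}", text, re.S)
    return {name: dict(line.split(None, 1) for line in body.splitlines())
            for name, body in stanzas}

def audit_profile(props):
    """List deviations from the settings the procedure calls for."""
    findings = []
    if props.get("peer-cert-mode") != "request":
        findings.append("Client Certificate should be 'request', not 'require'")
    for key in ("cache-size", "cache-timeout"):
        if props.get(key) == "0":
            findings.append(f"{key} is 0: client must supply a PIN on each page refresh")
    for key in ("ca-file", "client-cert-ca"):
        if props.get(key, "none") == "none":
            findings.append(f"{key} not set: no imported CA certificate selected")
    timeout = props.get("handshake-timeout", "10")
    if timeout != "indefinite" and int(timeout) <= 10:
        findings.append("note: 10-second handshake timeout may be too short for smart cards")
    return findings

def audit(text):
    return {name: audit_profile(p) for name, p in parse_profiles(text).items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "OK")
```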
Configuring an access policy to confirm client certificate validity
- On the Main tab, click. The Access Profiles (Per-Session Policies) screen opens.
- In the Per-Session Policy column, click the Edit link for the access profile you want to configure. The visual policy editor opens the access policy in a separate screen.
- Click the (+) icon anywhere in the access policy to add a new item. Only an applicable subset of access policy items is available for selection in the visual policy editor for any access profile type. A popup screen opens, listing predefined actions on tabs such as General Purpose, Authentication, and so on.
- In the search field type client, then select Client Cert Inspection from the results list, and click Add item. A popup Properties screen displays.
- Click Save. The properties screen closes and the policy displays.
- Complete the policy:
  - Add any additional policy items you require.
  - Change the ending from Deny to Allow on any access policy branch on which you want to grant access.
- Click Apply Access Policy to save your configuration.