Showing results for 
Search instead for 
Did you mean: 

Enabling Client Authentication certificate for specific site


I have a requirement where when client connect to a specific site it ask for client certificate to authenticate the client. So I need to configure Web Gateway proxy to supply client certificate

to destination server on behalf of the client.
Is there a document / sample configuration for how to configure it in Web Gateway ?

Thanks you for your help


1 Reply
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Enabling Client Authentication certificate for specific site

Hi Gsp,

This is possible, but there are some considerations. Does each user have a client cert and the MWG needs to provide a different cert based on the user? Or is this a generic cert provided to your organization? Is the client cert requested immediately or later in the connection?

I dont have a client cert auth web site to test with right now, but I believe the below screenshot is what is required.

Inside the Enable SSL Client Certificate Handling settings (Test Client Cert), here is what my settings look like. I just imported a web cert, but the concept is the same. My settings always use a specific certificate (for the case of an organization cert). But if you have user based certs, then you'd use the option for "Use client cert from known client certificate list, if client has proven ownership". You'd then have to preload the MWG with all the certs, but based on your description this sounds like an organization cert.

Best Regards,


More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator