1 Reply Latest reply on Feb 9, 2017 11:11 PM by Jon Scholten

    Enabling Client Authentication certificate for specific site

    gsp2028

      Hi

      I have a requirement where when client connect to a specific site it ask for client certificate to authenticate the client. So I need to configure Web Gateway proxy to supply client certificate

      to destination server on behalf of the client.
      Is there a document / sample configuration for how to configure it in Web Gateway ?

       

      Thanks you for your help

      Gsp

        • 1. Re: Enabling Client Authentication certificate for specific site
          Jon Scholten

          Hi Gsp,

           

          This is possible, but there are some considerations. Does each user have a client cert and the MWG needs to provide a different cert based on the user? Or is this a generic cert provided to your organization? Is the client cert requested immediately or later in the connection?

           

          I dont have a client cert auth web site to test with right now, but I believe the below screenshot is what is required.

           

          Inside the Enable SSL Client Certificate Handling settings (Test Client Cert), here is what my settings look like. I just imported a web cert, but the concept is the same. My settings always use a specific certificate (for the case of an organization cert). But if you have user based certs, then you'd use the option for "Use client cert from known client certificate list, if client has proven ownership". You'd then have to preload the MWG with all the certs, but based on your description this sounds like an organization cert.

           

          Best Regards,

          Jon