A client certificate profile lets you manage the certificates that secure and authenticate network connections. The profile includes settings such as root certificate usage and validation methods. It can also define certificate validity terms and additional security features, such as authentication.
The client certificate profile verifies the user's certificates against the certificate authority's certificate chain. The required UPN user attributes specified in the profile must match the attributes in the certificate CN and/or SAN:principal name; otherwise, the certificate is considered invalid.
When certificate-based (PKI) authentication is selected, you specify a preconfigured client certificate profile that points to the certificates, which can then be used in various NGFW subsystems, such as Captive portal, VPN, web portal, and reverse proxy.
To create a client certificate profile, go to Settings ➜ UserGate ➜ Client certificate profiles, click Add, and specify the desired settings:
Name | Description |
---|---|
Name | The name of the client certificate profile. |
Description | An optional interface description. |
Get username from | A field in the client certificate contains the username value for identification: |
CA certificates | The root CA certificates assigned to the profile. |
Checking revoked certificates | The list of certificates that were revoked and cannot be used anymore. This list includes expired certificates and certificates that were stolen or compromised in any other way. Certificate revocation status check method: |
Check timeout | The time interval after which NGFW stops waiting for the response from the certificate revocation list service. |
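
The UPN matching rule described above, as an added Python example (not UserGate's code): it extracts the SAN principal name, that is, the otherName entry carrying the Microsoft UPN OID 1.3.6.1.4.1.311.20.2.3, from a subjectAltName extension value and compares it, together with the CN, to the expected UPN. The function names, the case-insensitive comparison, accepting a match in either field, and the sample bytes are assumptions made for the example; chain validation and revocation checking are not covered.

```python
# Added illustration, not UserGate code. Standard library only.
UPN_OID = bytes.fromhex("2b060104018237140203")  # 1.3.6.1.4.1.311.20.2.3

def tlv(tag, body):
    """Encode one DER element; short-form length is enough for the sample."""
    if len(body) >= 0x80:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(body)]) + body

def read_tlvs(data):
    """Split DER bytes into (tag, body) pairs, rejecting truncated input."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated DER header")
        tag, n = data[i], data[i + 1]
        i += 2
        if n & 0x80:  # long-form length: low bits give the byte count
            k = n & 0x7F
            if k == 0 or len(data) - i < k:
                raise ValueError("bad DER length")
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        if len(data) - i < n:
            raise ValueError("truncated DER body")
        out.append((tag, data[i:i + n]))
        i += n
    return out

def san_principal_names(san_der):
    """Return UPNs carried as otherName entries in a subjectAltName value."""
    outer = read_tlvs(san_der)
    if len(outer) != 1 or outer[0][0] != 0x30:
        raise ValueError("subjectAltName must be a single SEQUENCE")
    upns = []
    for tag, body in read_tlvs(outer[0][1]):
        parts = read_tlvs(body) if tag == 0xA0 else []  # 0xA0 = otherName
        if len(parts) == 2 and parts[0] == (0x06, UPN_OID) and parts[1][0] == 0xA0:
            inner = read_tlvs(parts[1][1])  # [0] EXPLICIT wrapper
            if len(inner) == 1 and inner[0][0] == 0x0C:  # UTF8String
                upns.append(inner[0][1].decode("utf-8"))
    return upns

def certificate_matches_user(expected_upn, cn, san_der):
    """Assumed rule: the UPN must equal the CN or a SAN principal name."""
    names = [cn] + san_principal_names(san_der)
    return any(n.casefold() == expected_upn.casefold() for n in names)

# Constructed sample: an rfc822Name (0x81) for one user, a UPN for another.
SAMPLE_SAN = tlv(0x30, tlv(0x81, b"helpdesk@corp.example") + tlv(0xA0,
    tlv(0x06, UPN_OID) + tlv(0xA0, tlv(0x0C, b"alice@corp.example"))))
```

The e-mail address in the rfc822Name entry is deliberately not treated as a principal name: only the otherName with the UPN OID counts, so a certificate that merely lists another user's address in the SAN does not match that user.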