Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Certificate check on a role level

KevinW_
Contributor
‎02-05-2010 02:53:AM
‎02-05-2010 02:53:AM

Certificate check on a role level

I am having problems using certificate checking on the role level. Tested this on the realm level and it works ok.

Generating a client cert on a machine. Importing this into the local computer store in personal certificates and enrollment certificate requests, and then also putting this certificate into the user personal certificate store. Then getting this certificate and installing it on the Client CA area on the IVE and the Server CA area. Also setup the root CA and the CRL checking options.

So the certificate is everywhere at the moment. Then I have set the role to only allow clients who match with the CRL checking options.

Try to log into this role and it fails.

Put the same settings on the realm, and it works ok. Does this not work at the role level, or am I missing something here ?

0 Kudos
1 REPLY 1
muttbarker_
Valued Contributor
‎02-05-2010 03:12:PM
‎02-05-2010 03:12:PM

Re: Certificate check on a role level

Hey Kevin - role based certificate assignment is a little funky. The browser cert is only check at realm login time. So even though you are not authenticating to the realm via a cert you need to modify the settings under "User Realms / Authentication Policy / Certificate"

Set the radio button to the middle selection "Allow all users and remember certificate information while the user is logged in" - this will store the cert information for use in role validation. Works like a charm!

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.