Re: Machine Certificates.

trusty1162_ · ‎01-21-2010

There is reasonable information in the SA admin guide about this topic and some other information (which looks dated) in a how to document for the deployment and use of machine certificates. Does anyone have anything in the way of in depth documentation? A list of the error codes that HC displays on the remediation pages for PKI related issues perhaps? For example: No certificate found, Machine Certificate Validation failed (3) What do the numbers in parenthesis indicate? Any links to documentation you have found useful when integrating machine certificates and certificate authorities with SSL VPN would be very useful. Cheers

jkopko_ · ‎01-26-2010

I contacted support about this awhile ago (about what it's actually checking for) and they weren't much help. Basically HC just looks to see that the client has a valid cert issued from a trusted CA. There's not much other checking it does, and I don't know of any additional documentation.

stine_ · ‎02-03-2010

Kind of. By default, for certificate based logins, the only requirement is that the certificate be trusted, i.e. loaded into the SA..

Once you have certs installed, navigate to Users->User Realms->[realm name]->Authentication Policy->Certificate. Here you can specifiy name/value pairs for certificate fields, like CN, version, basically, any field that exists in the certificate.

I believe that this is what you're looking for.