
Machine Certification before connecting SSL-VPN with using Hostchecker

New Member

I have a customer who wants to connect SSL-VPN with PSA.

By performing several tests, I know that, to connect SSL-VPN, I need to use user-certification
instead of machine certification.

But before checking the cert, the PSA rent time had passed, and I'm confused.

Can PSA Hostchecker check machine certification before connecting SSL-VPN?
The following KB said it can with OpenSSL, but did not mention the timing.
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB16992

And our SIer said PSA cannot check the machine cert, but they cannot explain why.
Moderator

Re: Machine Certification before connecting SSL-VPN with using Hostchecker

You can do a machine certificate check using Host Checker for Windows machines.
This is configured at Authentication > Endpoint Security > Host Checker > policyName > machineCertificateCustomRule.
You can have the check be done in order to see the realm (require and enforce on the realm) or as part of the role mapping process (evaluate on the realm; enforce on the role).

You can also do machine certificate authentication with Pulse where the Pulse client checks the machine store for the certificate to use to authenticate.

Can you expand further on what you are looking to achieve vs what you are seeing?