Machine Certification before connecting SSL-VPN with using Hostchecker
I have a customer who wants to connect SSL-VPN with PSA.
By performing several tests, I know that to connect SSL-VPN, I need to use user certification instead of machine certification.
But before checking the cert, the PSA rent time had passed, and I'm confused.
Can PSA Hostchecker check machine certification before connecting SSL-VPN? The following KB said it can with OpenSSL, but did not mention the timing. https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB16992
And our SIer said PSA cannot check machine cert, but they cannot explain why.
Re: Machine Certification before connecting SSL-VPN with using Hostchecker
You can do a machine certificate check using Host Checker for Windows machines. This is configured at Authentication>Endpoint Security>Host Checker>policyName>machineCertificateCustomRule. You can have the check be done in order to see the realm (require and enforce on the realm) or as part of the role mapping process (evaluate on the realm; enforce on the role).
You can also do machine certificate authentication with Pulse where the Pulse client checks the machine store for the certificate to use to authenticate.
Can you expand further on what you are looking to achieve vs what you are seeing?