cancel
Showing results for 
Search instead for 
Did you mean: 

Trusted certificates

Highlighted
Occasional Contributor

Trusted certificates

I need to find a way for people connecting to my VPN to have a trusted certificate for an INTERNAL server.

The only machines that will need the certificate are NOT managed by us.
(i.e. they're other agencies or personal workstations connecting in to use internal services)

Any help would be appreciated.


4 REPLIES 4
Moderator

Re: Trusted certificates

Do you mean a user certificate or do you mean that the clients need to trust that the server is valid but is signed by an internal CA?

If the former, you will need to work with the PKI team on how they want to handle users obtaining certificates that prove identity. For the latter, you will need to work with your PKI, and possibly web hosting team, and determining how to best get the root CA to users.
Occasional Contributor

Re: Trusted certificates

Thanks for the reply Zanyterp.

The latter is what we need to do.
We need the users to get the root CA for a specific server.

I was hoping to find a way for Pulse to install it or at minimum be able to identify that they didn't have the root CA needed - possibly by Host Checker.

The only other thing I've come up with is a post-authentication message with a link to a webpage that they can install it from. This is a manual way and I was really trying to find another means that was more automated.
Moderator

Re: Trusted certificates

You are welcome; thank you for clarifying.
Unfortunately, there is no automatic install option for this. In addition to the post-notification message, since you are already presenting bookmarks to users, you can create a bookmark to the certificate server and provide instructions, either as part of the bookmark description or a post-authentication message, that users must access that the first time they login from a new machine.

I also wanted to confirm that Host Checker cannot check for the presence of a trusted root CA on the client.
Occasional Contributor

Re: Trusted certificates

Zanyterp, is HTML not useable in the post-authentication and pre-authentication notifications?