
Use Certificate authentication in Juniper SSL VPN

New Contributor


Hi Everybody,

 

I am investigating how to generate a client cert from a Microsoft CA server in order to implement client cert authentication in Juniper SA SSL VPN.

Is it necessary to generate a cert for each user, or can just one cert allow all users to authenticate even if they belong to different Roles or Realms?

I have no idea how to do that; please help by providing instructions.

 

Regards,

Ray

3 REPLIES 3
Frequent Contributor

Re: Use Certificate authentication in Juniper SSL VPN

I guess I would want to know why you want to implement client certificate authentication. In general, sharing the same client certificate among multiple users would be similar to sharing the same username/password. A client certificate is typically issued to a single user. For most of our customers we combine the client certificate auth with Active Directory UN/PW. So in order to access the VPN a user has to have the client cert on their device and know their credentials.

Another option for you might be to use device certificates. This works well if the devices are members of an AD domain, which typically provisions the client cert when the machine is joined. Again, I would suggest also requiring UN/PW in combination with the device cert.

For role mapping you can extract the username from the certificate (assuming you are not sharing a single cert) and map based on the AD group a user belongs to.
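The logic described in the reply above, as an added example that is not part of the original post and not Juniper's implementation: take the username from the certificate subject, require it to match the AD login that supplied the password, then map the role from AD group membership. The group names, role names, the `AD_GROUPS`/`ROLE_MAP` tables and the simplified DN parser (no multi-valued RDNs) are assumptions made for illustration.

```python
import re

# Constructed sample data: AD group membership and a group-to-role table (hypothetical names).
AD_GROUPS = {
    "ray": {"VPN-Staff"},
    "alice": {"VPN-Admins", "VPN-Staff"},
}
ROLE_MAP = [("VPN-Admins", "admin-role"), ("VPN-Staff", "staff-role")]  # first match wins


def parse_dn(dn):
    """Split an RFC 4514 style subject DN into (attribute, value) pairs.

    Splits only on commas not preceded by a backslash, so an escaped comma
    inside a value (e.g. CN=Doe\\, Jane) stays part of that value.
    """
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs


def cert_username(dn):
    """Return the single CN from the subject, lower-cased; reject 0 or >1 CNs."""
    cns = [v for a, v in parse_dn(dn) if a == "CN"]
    if len(cns) != 1:
        raise ValueError("expected exactly one CN in subject")
    return cns[0].lower()


def authorize(subject_dn, login_user, password_ok):
    """Return the mapped role, or None if any factor fails."""
    try:
        user = cert_username(subject_dn)
    except ValueError:
        return None
    # Assumed policy: the certificate must belong to the same user who supplied
    # the password, so one person's cert cannot be paired with another's login.
    if not password_ok or user != login_user.lower():
        return None
    groups = AD_GROUPS.get(user, set())
    return next((role for group, role in ROLE_MAP if group in groups), None)
```

With a single shared certificate the CN could not identify the user, so neither the match check nor the per-user role mapping would be possible.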

 

New Contributor

Re: Use Certificate authentication in Juniper SSL VPN

Yes, I just want to reduce the cost of VPN tokens, so if I use a client cert for a single user, how do I do that?
Since I am not familiar with CA cert server operation, please help explain the procedure for this.

Many thanks

Regular Contributor

Re: Use Certificate authentication in Juniper SSL VPN

Hi Ray,

 

After installing the certificate service on the server, a user can request a user certificate.

Please refer to the following link for generating a user certificate:

 

http://social.technet.microsoft.com/Forums/exchange/en-US/0ebacfd6-6941-4da1-ba02-683b53eb2afa/clien...

 

Regards,

SVK