About jkurtz

jkurtz · ‎07-14-2021

Hi All, the EKU a supported field when doing a mahcine cert check in host checker? Is there a list of varialbles supported for this feature?

jkurtz · ‎07-12-2021

Not sure if this helps but cert ranking can help identify the cert that is eventually used during machine auth. In ranking, one 1 cert will be chosen, so if you have multiple certs only 1 will be evaluated...you could then have an auth role cert filter matching something in the subject field. https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40329

jkurtz · ‎07-09-2021

Is there any way to use machine auth with a certificate, and lock the cert used by EKU attributes? I have not been successful yet. Looks like it might work with client. I am able to use the subject field in the auth realm and role, but we would rather use the KU/EKU fields. Or any other ideas on how to lock this kind of connection down while using a certificate? Thank you for the help!!

zanyterp · ‎07-08-2021

no, once they are cleared, they cannot be uploaded again

jkurtz · ‎07-08-2021

Thank you for the response! So we have multiple multiple seperate clusters and use DNS to control what boxes are able to serve clients. Assuming we dont care about all cluster nodes going down at the same time, would we be able to just reboot all cluster boxes at the same time without breaking anything? Thank you again for the help!

Host checker machine cert supported variables

Re: Certificate Matching

Locking down authentication, using machine auth wi...

Re: Is there any way to restore logs back on a PCS...

Re: Pulse Secure Connect cluster, upgrade all node...