A device certificate verifies that a user device is allowed to connect to the internal network. NetScaler Gateway supports device certificates that enable you to bind the device identity to a public key.
You can use any of the following as the device identity:
When users log on, you can require only the device certification as part of the authentication process. You can also require the device certificate when using pre-authentication or advanced endpoint analysis policies.
NetScaler Gateway needs to verify the device certificate before the endpoint analysis scan runs or before the logon page appears. If you configure endpoint analysis, the endpoint scan runs to verify the user device. When the device passes the scan and after NetScaler Gateway verifies the device certificate, users can the log on to NetScaler Gateway.
If you install two or more device certificates on NetScaler Gateway, users need to select the correct certificate when they start to log on to NetScaler Gateway or before the endpoint analysis scan runs.
When you create the device certificate, it must be an X.509 certificate.
For more information about creating device certificates, see the following:
After you create the device certificate, you install the certificate on NetScaler Gateway by using the procedure for Importing and Installing an Existing Certificate to NetScaler Gateway. After you install the certificate, you bind the certificate to the virtual server.
After you install device certificates on NetScaler Gateway, you need to enable the certificates for the relevant virtual server to activate them in your configuration.