Configure client certificate authentication using advanced policies
Following are the steps to configure client certificate authentication on Citrix ADC using advanced policies.
- Navigate to Security > AAA - Application Traffic > Virtual Servers.
In the details pane, select the virtual server that you want to configure to handle client certificate authentication, and click Edit.
If you have imported a valid CA certificate and server certificate for the virtual server you can skip step 3 to step 10.
- On the Configuration page, under Certificates, click > to open the CA Cert Key installation dialog box.
- In the CA Cert Key dialog box, click Insert.
- In the CA Cert Key - SSL Certificates dialog box, click Install.
In the Install Certificate dialog box, set the following parameters, whose names correspond to the CLI parameter names as shown:
- Certificate-Key Pair Name—certkeyName
- Certificate File Name—certFile
- Key File Name—keyFile
- Certificate Format—inform
- Certificate Bundle—bundle
- Notify When Expires—expiryMonitor
- Notification Period—notificationPeriod
- Click Install, and then click Close.
- In the CA Cert Key dialog box, from the Certificate list, select the root certificate.
- Click Save.
- Click Back to return to the main configuration screen.
- Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies, and then select Policy.
In the details pane do one of the following:
- To create a new policy, click Add.
- To modify an existing policy, select the policy, and then click Edit.
In the Create Authentication Policy or Configure Authentication Policy dialog box, type or select values for the parameters.
- Name - The policy name. Cannot be changed for a previously configured policy.
- Action Type - Select Cert
- Action - The authentication action (profile) to associate with the policy. You can choose an existing authentication action, or click the plus and create a new action of the proper type.
- Log Action - The audit action to associate with the policy. You can choose an existing audit action, or click the plus and create a new action.
- Expression - The rule that selects connections to which you want to apply the action that you specified. The rule can be simple (“true” selects all traffic) or complex. You enter expressions by first choosing the type of expression in the leftmost drop-down list beneath the Expression window, and then by typing your expression directly into the expression text area, or by clicking Add to open Add Expression dialog box and using the drop-down lists in it to construct your expression.)
- Comment - You can type a comment that describes the type of traffic that this authentication policy will apply to. Optional.
- Click Create or OK, and then click Close. If you created a policy, that policy appears in the Authentication Policies and Servers page.