Product Documentation

Configuring and Binding a Client Certificate Authentication Policy

Jan 23, 2014
You can create a client certificate authentication policy and bind it to a virtual server. You can use the policy to restrict access to specific groups or users. This policy takes precedence over the global policy.

To configure a client certificate authentication policy

  1. In the configuration utility, on the Configuration tab, expand NetScaler Gateway > Policies > Authentication.
  2. In the navigation pane, under Authentication, click Cert.
  3. In the details pane, click Add.
  4. In Name, type a name for the policy.
  5. Next to Server, click New.
  6. In Name, type a name for the profile.
  7. Next to Two Factor, select OFF.
  8. In User Name Field and Group Name Field, select the values and then click Create.
    Note: If you previously configured client certificates as the default authentication type, use the same names that you used for the policy. If you completed the User Name Field and Group Name Field for the default authentication type, use the same values for the profile.
  9. In the Create Authentication Policy dialog box, next to Named Expressions, select the expression, click Add Expression, click Create and then click Close.

To bind a client certificate policy to a virtual server

After you configure the client certificate authentication policy, you can bind it to a virtual server.

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway and then click Virtual Servers.
  2. In the details pane, click a virtual server and then click Open.
  3. In the Configure NetScaler Gateway Virtual Server dialog box, click the Authentication tab.
  4. Click Primary or Secondary.
  5. Under Details, click Insert Policy.
  6. In Policy Name, select the policy and then click OK.

To configure a virtual server to request the client certificate

When you want to use a client certificate for authentication, you must configure the virtual server so that client certificates are requested during the SSL handshake.

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway and then click Virtual Servers.
  2. In the details pane, click a virtual server and then click Open.
  3. On the Certificates tab, click SSL Parameter.
  4. Under Others, click Client Authentication.
  5. In Client Certificate, select Optional or Mandatory and then click OK twice. Select Optional if you want to allow other authentication types on the same virtual server and do not require the use of client certificates.
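
The three procedures above can be checked afterwards against a saved copy of the appliance configuration. The following is an added example, not code from Citrix or from this page: it parses configuration text in NetScaler CLI form and reports, for each virtual server that has a certificate authentication policy bound, whether client certificates are requested during the SSL handshake. The command forms it looks for, and every object name and field value in the sample, are assumptions constructed for the example.

```python
import shlex

# Constructed sample in NetScaler CLI form; all names and values are made up.
SAMPLE_CONF = """\
add authentication certAction cert_prof -twoFactor OFF -userNameField Subject:CN -groupNameField Subject:OU
add authentication certPolicy cert_pol ns_true cert_prof
bind vpn vserver vpn_a -policy cert_pol -priority 100
bind vpn vserver vpn_b -policy cert_pol -priority 100
bind vpn vserver vpn_c -policy cert_pol -priority 100
bind vpn vserver vpn_d -policy ldap_pol -priority 100
set ssl vserver vpn_a -clientAuth ENABLED -clientCert Mandatory
set ssl vserver vpn_b -clientAuth ENABLED -clientCert Optional
"""

def options(tokens):
    """Collect '-name value' pairs; option names are lowercased."""
    return {t.lower(): tokens[i + 1]
            for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def audit(conf_text):
    """Return {vserver: mode} for every vserver with a cert policy bound."""
    cert_policies, bound, ssl_opts = set(), {}, {}
    for line in conf_text.splitlines():
        tok = shlex.split(line)
        head = [t.lower() for t in tok[:3]]
        if len(tok) < 4:
            continue
        if head == ["add", "authentication", "certpolicy"]:
            cert_policies.add(tok[3])
        elif head == ["bind", "vpn", "vserver"]:
            pol = options(tok[4:]).get("-policy")
            if pol:
                bound.setdefault(tok[3], []).append(pol)
        elif head == ["set", "ssl", "vserver"]:
            ssl_opts.setdefault(tok[3], {}).update(options(tok[4:]))
    report = {}
    for vs, pols in bound.items():
        if not cert_policies.intersection(pols):
            continue  # no certificate policy on this virtual server
        opts = ssl_opts.get(vs, {})
        if opts.get("-clientauth", "").upper() != "ENABLED":
            report[vs] = "NOT_REQUESTED"  # policy bound, handshake never asks
        else:
            report[vs] = opts.get("-clientcert", "UNSPECIFIED").upper()
    return report

if __name__ == "__main__":
    for vs, mode in audit(SAMPLE_CONF).items():
        print(vs, mode)
```

A result of NOT_REQUESTED means the policy was bound but the procedure for requesting the client certificate was not completed on that virtual server; OPTIONAL means other authentication types are still allowed there.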