McAfee EPOCDE-AA-BA Product Guide - Page 60
7 Configuring advanced server settings
Authenticating with certificates

To remove the server certificate, you must disable certificate based authentication. Once a server certificate is uploaded it can only be changed, not removed.

Task
For option definitions, click ? in the interface.

1 Open the Server Settings page by selecting Menu | Configuration | Server Settings.
2 Select Certificate Based Authentication and click Edit.
3 Deselect Enable Certificate Based Authentication, then click Save.

The server settings have been changed, but you must restart the server in order to complete the configuration change.

Configuring users for certificate authentication

Users must have certificate authentication configured before they can authenticate with their digital certificate.

Certificates used for user authentication are typically acquired with a smart card or similar device. Software bundled with the smart card hardware can extract the certificate file. This extracted certificate file is usually the file uploaded in this procedure.

Task
For option definitions, click ? in the interface.

1 Click Menu | User Management | Users.
2 Select a user and click Actions | Edit.
3 Select Change authentication or credentials, then select Certificate Based Authentication.
4 Use one of these methods to provide credentials.
  • Copy the DN field from the certificate file and paste it into the Personal Certificate Subject DN Field edit box.
  • Upload a certificate file. Click Browse, navigate to and select the certificate file on your computer, and click OK.
  User certificates can be PEM- or DER-encoded. The actual certificate format does not matter as long as the format is X.509 or PKCS12 compliant.
5 Click Save to save changes to the user's configuration.

The certificate information provided is verified, and a warning is issued if found invalid. From this point on, when the user attempts to log on to ePolicy Orchestrator from a browser that has the user's certificate installed, the log on form is greyed out and the user is immediately authenticated.

Problems with certificate authentication

Most authentication problems using certificates are caused by one of a small number of problems. If a user cannot log on to ePolicy Orchestrator with their certificate, try one of the following options to resolve the problem:

• Verify the user has not been disabled.
• Verify the certificate has not expired or been revoked.
• Verify the certificate is signed with the correct certificate authority.

60 McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide
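The DN copy step and two of the troubleshooting checks above (expiry and issuing certificate authority) can be run against the extracted certificate file with the OpenSSL command-line tool. This is an added example, not part of the product guide; the file names, subject values and both demo CAs are constructed for illustration, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example: checks on a user certificate file. All sample data is constructed.

# PEM files carry an armor line; anything else is treated as DER.
cert_form() {
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM; else echo DER; fi
}

# Print the subject DN (RFC 2253 string form) for comparison with the DN field.
subject_dn() {
  openssl x509 -in "$1" -inform "$(cert_form "$1")" -noout -subject \
    -nameopt RFC2253 | sed 's/^subject= *//'
}

# Succeed if the certificate is still unexpired $2 seconds from now (default 0).
valid_for() {
  openssl x509 -in "$1" -inform "$(cert_form "$1")" -noout \
    -checkend "${2:-0}" >/dev/null
}

# Succeed if the certificate verifies against the CA file $2 (PEM).
# Revocation is not checked; that needs the CA's CRL or OCSP responder.
signed_by() {
  openssl x509 -in "$1" -inform "$(cert_form "$1")" -outform PEM |
    openssl verify -CAfile "$2" 2>/dev/null | grep -q ': OK$'
}

# Constructed sample data: the expected CA, an unrelated CA, and one user
# certificate saved as both PEM and DER. Prints the directory it created.
make_demo() {
  d=$(mktemp -d) || return 1
  for name in ca other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/O=Example/CN=$name" \
      -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/O=Example/OU=Ops/CN=jsmith" \
    -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/user.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/user.pem" 2>/dev/null || return 1
  openssl x509 -in "$d/user.pem" -outform DER -out "$d/user.der" || return 1
  echo "$d"
}

dir=$(make_demo) || exit 1
for f in "$dir/user.pem" "$dir/user.der"; do
  echo "$(cert_form "$f"): $(subject_dn "$f")"
  valid_for "$f" && echo "  not expired"
  signed_by "$f" "$dir/ca.pem" && echo "  signed by the expected CA"
done
```

Passing a second argument to `valid_for`, such as `5184000` for 60 days, flags certificates that are about to expire rather than only those already expired.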