You enable and configure certificate authentication from the Unified Access Gateway administration console.
Prerequisites
- Obtain the root certificate and intermediate certificates from the CA that signed the certificates presented by your users.
- Verify that the Unified Access Gateway SAML metadata is added on the service provider and that the service provider SAML metadata is copied to the Unified Access Gateway appliance.
- (Optional) A list of the object identifiers (OIDs) of valid certificate policies for certificate authentication.
- For revocation checking, the file location of the CRL and the URL of the OCSP server.
- (Optional) OCSP Response Signing certificate file location.
- Consent form content, if a consent form displays before authentication.
Procedure
What to do next
When X.509 certificate authentication is configured and the Unified Access Gateway appliance is set up behind a load balancer, make sure that the load balancer is configured for SSL pass-through and does not terminate SSL. This configuration ensures that the SSL handshake takes place between the client and Unified Access Gateway, so that the client certificate is passed to Unified Access Gateway.
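
The pass-through requirement above, shown as a load balancer configuration. This is an added example, not part of the original documentation: it assumes HAProxy as the load balancer (the page names no product), and the section names, addresses and certificate path are constructed placeholders.

```haproxy
# Constructed example: names, addresses and file paths are placeholders.

# Pass-through (required for certificate authentication):
# HAProxy forwards the raw TCP stream, so the TLS handshake, including the
# client certificate exchange, completes on the Unified Access Gateway appliance.
frontend uag_passthrough
    bind :443
    mode tcp
    option tcplog
    default_backend uag_appliances

backend uag_appliances
    mode tcp
    balance source                      # keep a client on the same appliance
    server uag1 192.0.2.11:443 check    # plain TCP health check, no TLS here
    server uag2 192.0.2.12:443 check

# Termination (do not use with certificate authentication):
# "ssl crt" on the bind line makes HAProxy the TLS endpoint, so the client's
# handshake ends at the load balancer and the appliance never receives the
# user certificate.
# frontend uag_terminated
#     bind :443 ssl crt /etc/haproxy/certs/placeholder.pem
#     mode http
#     default_backend uag_appliances_reencrypt
```

In the pass-through form the load balancer holds no certificate or private key for the service, which is a quick way to confirm in a configuration review that it is not terminating SSL.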