Authenticate administrators using certificate-based authentication

You can authenticate administrators using an X.509 certificate stored in the Windows certificate store, on a smart card like a Common Access Card (CAC), or via SMC Web Access.

One of the following ways can be used to authenticate administrators using certificate-based authentication to log on to SMC:
  • Certificate-based authentication for Installed Clients: The smart card reader or certificate files can be used to authenticate administrators. For more details:
    • On how to log on to SMC using certificates, refer to the Log on to the SMC using certificate-based authentication topic.
    • On how to configure certificate-based authentication for installed clients, refer to the Configuring certificate-based authentication for installed clients topic.
    Note:
    • If the smart card reader is used to authenticate administrators, you must have the smart card reader and corresponding software installed.
    • If the certificate files are used to authenticate administrators, you must save the certificates in the Windows certificate store.
  • Certificate based authentication for SMC Web Access: Administrators can be authenticated by using certificates in the browser when using SMC Web Access. For more details on how to configure certificate-based authentication for SMC Web Access, refer to the Configuring certificate-based authentication for SMC Web Access topic.
    Note: You must save the certificates in the Windows certificate store.
  • Certificate based authentication for both Installed Client and SMC Web Access: You can enable both the certificate-based authentication for Installed Client and the certificate-based authentication for SMC Web Access at the same time to authenticate administrators. For more details on how to configure certificate-based authentication for SMC Web Access, refer to the Configuring certificate-based authentication for both Installed Client and SMC Web Access topic.
A client certificate in the Windows certificate store is used for client authentication. There is also a trusted certificate authority (CA) for the client certificate in the Windows certificate store. There are two ways to store the private key for the client certificate:
  • The private key can be stored on a smart card, from which the client certificate can be populated to the Windows certificate store.
  • A Windows software provider can be used for key storage.
Note: Certificate-based authentication is only supported for SMC Clients installed in Windows 10. Certificate-based authentication is not supported for Web Portal Users.