Configuring certificate-based authentication for SMC Web Access
You can use certificates in the browser to authenticate administrators via SMC Web Access.
Steps
- Create a TLS Credentials element to define the certificate that is used to authenticate the Management Server in communications for certificate-based authentication. For more details, refer to the Configure TLS inspection for server protection topic.
  Note:
  - You can generate and sign a new certificate request or import an existing certificate.
  - The certificate defined in the TLS Credentials element is used for server authentication. The SMC Client validates the server certificate path using the trusted CA certificates in the Windows certificate store.
  - If SMC is configured to use externally signed certificates for internal management communication, the TLS Credentials field can be left empty. In this case, the same management server certificate that is used for other management communications is used in SMC Client communication for client certificate authentication.
- Create a TLS Profile element to define the trusted CAs for the Management Server and the client certificates. For more details, refer to the Create TLS Profile elements topic.
  Note: Make sure that the TLS Profile element includes the trusted CAs for both the Management Server's certificate and the client certificates. The trusted CA can be the same for the certificate of the Management Server and for the client certificates.
- Configure the Management Server for certificate-based authentication.
  - Select Network Elements.
  - Browse to Servers.
  - Right-click the Management Server, then select Properties.
  - From the General tab, next to the TLS Profile field, click Select, then select a TLS Profile element.
  - From the SMC Web Access tab, select the Client Certificate Authentication checkbox.
    Note: You must select the Client Certificate option as the authentication method in the administrator properties.
  - Click OK.
- Restart the SMC Web Access:
  - Select Dashboards > Servers / Devices Dashboard.
  - Right-click the management server, and then select the More actions > Restart Web Access option.
- In the properties of each Administrator, configure certificate-based authentication.
  - Select Administration.
  - Select Access Rights > Administrators.
  - Right-click an Administrator element, then select Properties.
  - From the Authentication drop-down list, select Client Certificate.
  - From the Client Identity Type drop-down list, select the certificate attribute that is used to identify the administrator.
  - Specify the value of the certificate attribute in one of the following ways:
    - In the Identity Value field, enter the value of the certificate attribute.
    - Click Fetch From Certificate, then import the certificate to get the value from the certificate.
  - Click OK.
- If the certificate for the Management Server was not signed using a CA that is already trusted by the administrators' client operating systems, add the CA that signed the certificate as a trusted CA on each administrator's computer.
  - Export the CA certificate from the CA that signed the certificate for the Management Server.
  - Import the CA certificate on each administrator's computer.
  - Configure the operating system to trust the CA certificate.
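
One way to carry out the import-and-trust sub-steps on a Windows administrator workstation, with checks before the CA is trusted. This is an added example, not part of the product documentation; the file path and the expected thumbprint are placeholders, and it assumes an elevated PowerShell session.

```powershell
# Added example. $CaFile and $ExpectedThumbprint are placeholders (assumptions).
$CaFile             = 'C:\Temp\smc-signing-ca.cer'   # CA certificate exported in the previous sub-step
$ExpectedThumbprint = '<THUMBPRINT CONFIRMED OUT OF BAND WITH THE CA OWNER>'

$ca = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaFile)

# 1. Trust only the certificate you intended: compare its thumbprint with a
#    value obtained through a separate channel, not from the same file share.
if ($ca.Thumbprint -ne ($ExpectedThumbprint -replace '[\s:]', '')) {
    throw "Thumbprint mismatch: file contains $($ca.Thumbprint)"
}

# 2. Refuse files that are not CA certificates or are outside their validity period.
$bc = $ca.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Not a CA certificate (basicConstraints CA flag is missing).'
}
$now = Get-Date
if ($now -lt $ca.NotBefore -or $now -gt $ca.NotAfter) {
    throw "CA certificate is not valid at $now (valid $($ca.NotBefore) to $($ca.NotAfter))."
}

# 3. A self-signed root belongs in Trusted Root Certification Authorities;
#    an intermediate belongs in Intermediate Certification Authorities.
$store = if ($ca.Subject -eq $ca.Issuer) { 'Cert:\LocalMachine\Root' } else { 'Cert:\LocalMachine\CA' }

# 4. Import only if the certificate is not already present in that store.
if (Test-Path -Path (Join-Path $store $ca.Thumbprint)) {
    Write-Output "Already present in $store"
} else {
    Import-Certificate -FilePath $CaFile -CertStoreLocation $store | Out-Null
    Write-Output "Imported $($ca.Subject) into $store"
}
```

Importing into a LocalMachine store makes every user and service on that workstation trust certificates issued by this CA, so keep the thumbprint check in place when the script is distributed to multiple machines.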