How to Configure Certificate Authentication Without Using Any Other Authentication Policy

Article ID: CTX138472

Description

This article describes how to configure certificate authentication such that username and password fields are not required for authentication.

Requirements

Ensure that you install the client certificates on the client workstations that will be attempting to authenticate against the AAA virtual server.

  • A client certificate issued by a trusted Certificate Authority (CA).
  • A CA root certificate on the AAA virtual server.

Instructions

To configure certificate authentication without using any other authentication policy, complete the following procedure:

  1. Add a CA certificate on the AAA virtual server. This must be the CA that issued the client certificate used on the user side.

  2. Click SSL Parameter.

  3. Select Client Authentication as Mandatory.

  4. Add an authentication policy on the AAA virtual server with authentication type as CERT.

    Note: You can customize the expression or retain it as ns_true.

  5. Add a CERT authentication server.

    Note: If the requirement is to extract the user name and password from the client certificate, then set Two Factor as ON and select user name and group details from the subject and issuer fields in the certificate.

  6. Bind this certificate authentication policy to the AAA virtual server.

  7. Bind this AAA virtual server to the load balancing virtual server by specifying its FQDN in the Advance tab.

  8. Import the client certificate on the browser.

  9. Open the load balancing virtual server. A prompt with certificates appears.

  10. Select the appropriate client certificate.
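
For reference, steps 1 through 7 expressed as NetScaler CLI commands. This is an added example, not part of the original article. It assumes the AAA virtual server and the load balancing virtual server already exist; every object name, the file path, the FQDN, and the certificate fields chosen for user name and group are placeholders.

```text
# Step 1: load the CA root certificate and bind it to the AAA virtual server as a CA.
# ca_root, aaa_vs and the file path are placeholder names.
add ssl certKey ca_root -cert /nsconfig/ssl/ca-root.cer
bind ssl vserver aaa_vs -certkeyName ca_root -CA

# Steps 2-3: SSL parameters, client authentication set to Mandatory.
set ssl vserver aaa_vs -clientAuth ENABLED -clientCert Mandatory

# Step 5: CERT authentication server (action).
# The -twoFactor and field options follow the note in step 5; leave them out
# if you do not need to extract user details from the certificate.
# Subject:CN and Subject:OU are example field choices, not values from the article.
add authentication certAction cert_act -twoFactor ON -userNameField Subject:CN -groupNameField Subject:OU

# Step 4: authentication policy of type CERT with the default ns_true expression.
add authentication certPolicy cert_pol ns_true cert_act

# Step 6: bind the certificate policy to the AAA virtual server.
bind authentication vserver aaa_vs -policy cert_pol -priority 100

# Step 7: point the load balancing virtual server at the AAA virtual server's FQDN.
# lb_vs and aaa.example.com are placeholders.
set lb vserver lb_vs -authentication ON -authenticationHost aaa.example.com

# Review the result: the CA binding and Client Authentication setting,
# then the policy bound to the AAA virtual server.
show ssl vserver aaa_vs
show authentication vserver aaa_vs
```

In the `show ssl vserver` output, confirm that client authentication is enabled with the client certificate set to mandatory and that the CA certificate is listed among the bindings.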


Issue/Introduction

This article describes how to configure CERT authentication so that username and password fields are not required for authentication, that is, without using any other authentication policy.