
> That particular verbiage ('An untrusted certificate authority was detected') only occurs when there's a broken trust issue at the DC (missing root or missing issuer).

I also have the self-signed cert that I used as the CA for my test cert in trusted roots.

If a match is found, the administrator login page is displayed, and you can use your administrator credentials to continue managing the SonicWall security appliance.

In the certificate manager the Mac certificate, the DoC CACs and my test certs are showing 'Client Authentication' in the Intended Purposes field.

If OCSP is enabled, before the administrator login page is displayed, the browser performs an OCSP check and displays the following message while it is checking. If no match is found, the browser displays a standard browser connection fail message, such as:

If a match is found, the administrator login page is displayed.

When you begin a management session through HTTPS, the certificate selection window displays asking you to confirm the certificate.

After you select the client certificate from the drop-down menu, the HTTPS/SSL connection is resumed, and the SonicWall security appliance checks the Client Certificate Issuer to verify that the client certificate is signed by the CA.

If you use the Client Certificate Check with a CAC, the client certificate is automatically installed on the browser by middleware. If you use the client certificate check without a CAC, you must manually import the client certificate into the browser.

The link should point to the Common Gateway Interface (CGI) on the server side which processes the OCSP checking. If the client certificate does not have an OCSP link, you can enter the URL link. The OCSP Responder URL is usually embedded inside the client certificate and does not need to be entered.

The OCSP Responder URL field contains the URL of the server that will verify the status of the client certificate. The Enable OCSP Checking box allows you to enable or disable the Online Certificate Status Protocol (OCSP) check for the client certificate to verify that the certificate is still valid and has not been revoked.

If the appropriate CA is not in the list, you need to import that CA into the SonicWall security appliance. The Client Certificate Issuer drop-down menu contains a list of the Certification Authority (CA) certificate issuers that are available to sign the client certificate. The Enable Client Certificate Check box allows you to enable or disable client certificate checking and CAC support on the SonicWall security appliance. NOTE: CACs may not work with browsers other than Microsoft Internet Explorer.
