Requiring Valid User Certificates

The system supports upload of CRLs in Distinguished Encoding Rules (DER) format. You can load only one CRL for a server.

To ensure that the list of revoked certificates stays current, you can create a scheduled task to update the CRL. The most recent refresh of the CRL is listed in the interface.

Note

You must have a valid user certificate present in your browser (or a CAC inserted in your reader) to enable user certificates and to access the web interface after doing so.

Before you begin

  • Use the same certificate authority used for the server certificate to generate the user certificate.

  • Upload the intermediate certificate for the certificates; see Server Certificate Upload.

Procedure


Step 1

Choose System (system gear icon) > Configuration.

Step 2

Click HTTPS Certificate.

Step 3

Choose Enable User Certificates. If prompted, select the appropriate certificate from the drop-down list.

Step 4

If you want to retrieve the CRL, choose Enable Fetching of CRL.

Step 5

Enter a valid URL to an existing CRL file and click Refresh CRL. The current CRL at the supplied URL loads to the server.

Note

Enabling fetching of the CRL creates a scheduled task to update the CRL on a regular basis. Edit the task to set the frequency of the update.

Step 6

Verify that you have a valid user certificate generated by the same certificate authority that created the server certificate.

Caution

If you save a configuration with user certificates enabled, but you do not have a valid user certificate in your browser certificate store, you disable all web server access to the appliance. Make sure you have a valid certificate installed before saving settings.

Step 7

Click Save.
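
The following Python check is an added example, not part of the product documentation. It can be run before Step 7 against the file served at the CRL URL to confirm that the file is DER rather than PEM, that its nextUpdate has not passed, and that your own user certificate's serial number is not listed. It does not verify the CRL signature; the function names and the CRL built by sample_crl() are constructed for illustration.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # iterate the (tag, value) pairs inside a constructed element
    pos = 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val

def parse_time(tag, val):
    s = val.decode("ascii")
    if tag == 0x17:  # UTCTime; RFC 5280 pivot: YY >= 50 means 19YY
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def inspect_crl(data, user_serial, now):  # report staleness and revocation of user_serial
    if data.lstrip().startswith(b"-----BEGIN"):
        raise ValueError("PEM-encoded CRL; the appliance expects DER")
    tag, outer, end = read_tlv(data)
    if tag != 0x30 or end != len(data):
        raise ValueError("not a single DER SEQUENCE")
    fields = list(children(read_tlv(outer)[1]))  # tbsCertList
    i = (1 if fields[0][0] == 0x02 else 0) + 2   # skip optional version, signature alg, issuer
    this_update, next_update, i = parse_time(*fields[i]), None, i + 1
    if i < len(fields) and fields[i][0] in (0x17, 0x18):
        next_update, i = parse_time(*fields[i]), i + 1
    has_list = i < len(fields) and fields[i][0] == 0x30  # revokedCertificates present?
    revoked = {int.from_bytes(read_tlv(e)[1], "big") for _, e in children(fields[i][1])} if has_list else set()
    return {"this_update": this_update, "stale": next_update is not None and now > next_update,
            "revoked_count": len(revoked), "user_revoked": user_serial in revoked}

def tlv(tag, *parts):  # minimal DER encoder, used only to build the sample
    body = b"".join(parts)
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body

def sample_crl():  # constructed CRL: two revoked serials, placeholder signature bits
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")), tlv(0x05))
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, b"Example CA"))))
    entries = [tlv(0x30, tlv(0x02, s), tlv(0x17, b"231201000000Z")) for s in (b"\x10\x01", b"\x10\x02")]
    body = [tlv(0x02, b"\x01"), alg, issuer, tlv(0x17, b"240101000000Z"), tlv(0x17, b"240108000000Z")]
    return tlv(0x30, tlv(0x30, *body, tlv(0x30, *entries)), alg, tlv(0x03, b"\x00" * 5))
```

If inspect_crl reports user_revoked or stale for the CRL you are about to load, resolve that before saving, because the Caution above applies to a revoked certificate as much as to a missing one.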