Configure Certificate-Based Administrator Authentication
to the Web Interface
As a more secure alternative to password-based authentication to the firewall web interface, you can configure certificate-based authentication for administrator accounts that are local to the firewall. Certificate-based authentication involves the exchange and verification of a digital signature instead of a password.
Configuring certificate-based authentication for any administrator disables the username/password logins for all administrators on the firewall; administrators thereafter require the certificate to log in.
- Configure a certificate profile for securing access to the web interface.
- Set theUsername FieldtoSubject.
- In the CA Certificates section,AddtheCA Certificateyou just created or imported.
- Configure the firewall to use the certificate profile for authenticating administrators.
- Selectand edit the Authentication Settings.DeviceSetupManagement
- Select theCertificate Profileyou created for authenticating administrators and clickOK.
- Configure the administrator accounts to use client certificate authentication.
- Generate a client certificate for each administrator.
- Export the client certificate.
- Commityour changes. The firewall restarts and terminates your login session. Thereafter, administrators can access the web interface only from client systems that have the client certificate you generated.
- Import the client certificate into the client system of each administrator who will access the web interface.Refer to your web browser documentation.
- Verify that administrators can access the web interface.
- Open the firewall IP address in a browser on the computer that has the client certificate.
- When prompted, select the certificate you imported and clickOK. The browser displays a certificate warning.
- Add the certificate to the browser exception list.
- ClickLogin. The web interface should appear without prompting you for a username or password.
Recommended For You
Recommended videos not found.