Configure a Panorama Administrator with Certificate-Based
Authentication for the Web Interface
As a more secure alternative to password-based
authentication to the Panorama web interface, you can configure
certificate-based authentication for administrator accounts that
are local to Panorama. Certificate-based authentication involves
the exchange and verification of a digital signature instead of
a password.
Configuring certificate-based
authentication for any administrator disables the username/password
logins for all administrators on Panorama and all administrators
thereafter require the certificate to log in.
Generate a certificate authority (CA) certificate
on Panorama.
You will use this CA certificate to sign the client certificate
of each administrator.
Panorama restarts and terminates your login session. Thereafter, administrators
can access the web interface only from client systems that have
the client certificate you generated.
Import the client certificate into the client system
of each administrator who will access the web interface.
Refer to your web browser documentation as needed to complete
this step.
Verify
that administrators can access the web interface.
Open the Panorama IP address in a browser
on the computer that has the client certificate.
When prompted, select the certificate you imported
and click
OK
. The browser displays a certificate
warning.
Add the certificate to the browser exception list.
Click
Login
. The web interface
should appear without prompting you for a username or password.