Skip to main content
McAfee Enterprise MVISION Cloud

Client Certificate List

The client certificate list is a list of certificates that can be sent to a web server when a client request is received on an appliance in SSL-secured communication and passed on to the appropriate web server.

The certificate is sent when the web server asks for it at the initial and subsequent handshakes, as SSL renegotiation is performed.

A rule event tells the appliance to use a client certificate for communication with the web server. The certificate can then be selected from the client certificate list.

In this case, the private key for the certificate must be provided by the client that sent the request.

Alternatively, a preconfigured certificate can be used that is always sent to the web server.

The rule event that triggers the use of a certificate from the client certificate list can belong to rules that apply to CONNECT requests (even in transparent setups) or to rules in rule sets for certificate verification that have CERTVERIFY as value for the Command.Name property in their criteria.

You can configure settings for the rule event that include a client certificate list and the instruction to use it. The settings can also specify that the private key for the certificates that the clients of the appliance provide is stored unencrypted.

Create a client certificate list

You can create a list of client certificates that can be sent to web servers in SSL-secured communication.

  1. Select Policy | Settings.
  2. On the settings tree, select SSL Client Certificate Handling and click Add.

The Add Settings window opens with the Add Settings tab selected.

  1. Configure general settings parameters.
    1. In the Name field, type a name for the settings.
    2. [Optional] In the Comments field, type a plain-text comment on the settings.
    3. [Optional] Click the Permissions tab and configure who is allowed to access the settings.
  2. Under Client Certificate Handling, make sure the option Use client certificate from Known client certificates list if client has proven ownership is selected.
  3. On the toolbar of the Known client certificates list, click Add.

The Add Client Certificate window opens.

  1. Click Import to import a client certificate.

The Import Client Certificate window opens.

  1. Import a client certificate.
    1. Next to the Certificate field, click Browse, and within the local file manager that opens, browse to a suitable certificate file and select it.
      The file manager closes and the certificate file name appears in the field.
    2. Next to the Private key field, click Browse, and within the local file manager that opens, browse to a suitable key file and select it.
      The file manager closes and the key file name and password appear in the Private key and Password fields.
    3. Click OK.
      The window closes and the certificate file information appears in the Import Client Certificate window.
    4. [Optional] In the Comments field, type a plain-text comment on the certificate.
  2. Click OK.

The Add Client Certificate window closes and the certificate file name and comment (if provided) appear in the Known client certificates list.

Repeat Steps 5 to 8 for any other certificate you want to add to the list.

  1. Click OK to close the Add Settings window.
  2. Click Save Changes.

 

  • Was this article helpful?