Introduction
The pre-requisite to create SSL/TLS profile is to either generate/import the portal/gateway 'server certificate' and its chain To import a certificate generated externally, navigate to DeviceCertificate ManagementCertificates and click on ' import ' at the bottom. In this post we will see how to deploy client certificate for Mac computers. If you are looking to install SCCM client agents on Mac computers and manage Mac computers in System Center 2012 Configuration Manager, it requires public key infrastructure (PKI) certificates.
The steps for configuring Client side SSL (CSSL) for a SecureAuth appliance setup to validate CAC or PIV Cards
- Download root/intermediate DOD certificates.
- Install certificates as administrator.
- Verify installation of certificates into local computers cert store (not users)
- Connecting to Outlook Web Access and AF Portal from Personal Computer (Windows 10 Only) DO NOT SAVE FOUO OR PII TO HOME COMPUTER - To connect to OWA from you home computer you will need to take home your CAC enabled keyboard or standalone CAC reader. Once at your home workstation verify that you have Windows 10. If windows 10 is installed plug.
- Regarding 2): AF Portal can be accessed by CAC, only if your CAC has been registered with Portal ahead of time. Although I could get to Portal with a username/password, Gunter Annex could not help register my CAC from within Portal. I will go back to work, register the card again, and see if it works from home.
- Go to Device GlobalProtect Portal Client Configuration. In the Portal dialogue window, select Client Configuration and then open a configuration profile that is listed there. The following dialogue window is displayed. The Client Certificate field specifies the certificate that the GlobalProtect must present to the Gateway to certify the.
Installing DOD Certificates
When SecureAuth prompts for a CAC or PIV certificate your webserver is actually matching the client side SSL certificates with the certificates that are installed on your SecureAuth appliance. In order to check these client side certificates we need to install the root and intermediate certificates on the appliance. If you have a specific set of root and intermediate certificates you can install them, if you do not this is the process to install the DOD root and intermediate certificates on the SecureAuth appliance.
1. Open the browser on the server and navigate tomilitarycac.com's download section HERE
2. Download'InstallRoot 3.13.1a from MilitaryCAC'
3. You might be prompted to add militarycac.com to your trusted sites to complete the download
4. Click 'Open' so that the file automatically launches
No Client Certificate Presented For Af Portal On Macbook Pro
5. Right-click 'InstallRoot_v3.13.1A' and select 'Run as administrator'
6. At the security warning click 'Yes'
7. Accept the security warning if prompted
Verify the DOD Certificates were properly installed
1. Click the start menu/SecureAuth/Tools and select 'Certificates Console'
No Client Certificate Presented Af Portal Mac
2. Navigate to 'Trusted Root Certification Authorities' and ensure you have the DOD Root CA certificate installed
No Client Certificate Presented For Af Portal On Mac Os
3. Navigate to 'Intermediate Certificate Authorities' and ensure the intermediate certs are there