Is there any support for SSL client certificates prior to SGOS 184.108.40.206?
SGOS 220.127.116.11 introduced support for presenting entire client certificates to SSL servers that require client certificate authentication (see KB4819 for more information). Prior to this release, there indeed was support for client certificates but to a limited extent.
It is possible for the ProxySG on versions prior to 18.104.22.168 to verify the client's certificate and forward it (not the entire certificate but certain attributes) when intercepted on an HTTPS-Reverse-Proxy service as explained in KB1418 and shown in the image below .
For example: If you created a keyring with a signed certificate by submitting a certificate signing request (CSR) you can associate that keyring with the SSL client to be used for client certificate authentication to the backend server(s). This can be set by going to the Management Console>Configuration>SSL>SSL Client (see image below):
*Note: To be clear, the limitation here is that setting the SSL client keyring only allows you to use the same certificate for any and all SSL servers to which the ProxySG connects which require a client certificate.
Rate this Page
Please take a moment to complete this form to help us better serve you.