Configuring a Secure Access Certificate Server Instance (NSM Procedure)

The certificate server feature allows users to authenticate based on attributes contained in client-side certificates. You may use the certificate server by itself or in conjunction with another server to authenticate users and map them to roles.

To configure certificate server instance:

  1. In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure user roles.
  2. Click the Configuration tab, and then select System > Configuration > Certificates > Trusted Client CAs tab to import the CA certificate used to sign the client-side certificates. The corresponding workspace appears.
  3. Select Authentication > Auth Servers.
  4. Click the New button. The New dialog box appears.

    Note: If you want to update an existing server instance, click the appropriate link in the Auth Server Name box, and perform the Steps 5 through 8.

  5. Specify a name to identify the server instance.
  6. Select Certificate Server from the Auto Server Type list.
  7. Configure the server using the settings described in Table 46.
  8. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 46: Secure Access Certificate Configuration Details

OptionFunctionYour Action
Certificate Settings

User Name Template

Specifies how the Secure Access device should construct a username.

Enter any combination of certificate variables contained in angle brackets and plain text.

Server Catalog > Expressions tab


Specifies a name for the user expression in the certificate server user directory.

Enter a name.


Specifies a value for the user expression in the certificate server user directory.

Enter a value.

Related Documentation