Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring a Secure Access Certificate Server Instance (NSM Procedure)

    The certificate server feature allows users to authenticate based on attributes contained in client-side certificates. You may use the certificate server by itself or in conjunction with another server to authenticate users and map them to roles.

    To configure certificate server instance:

    1. In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure user roles.
    2. Click the Configuration tab, and then select System > Configuration > Certificates > Trusted Client CAs tab to import the CA certificate used to sign the client-side certificates. The corresponding workspace appears.
    3. Select Authentication > Auth Servers.
    4. Click the New button. The New dialog box appears.

      Note: If you want to update an existing server instance, click the appropriate link in the Auth Server Name box, and perform the Steps 5 through 8.

    5. Specify a name to identify the server instance.
    6. Select Certificate Server from the Auto Server Type list.
    7. Configure the server using the settings described in Table 1.
    8. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 1: Secure Access Certificate Configuration Details

    OptionFunctionYour Action
    Certificate Settings

    User Name Template

    Specifies how the Secure Access device should construct a username.

    Enter any combination of certificate variables contained in angle brackets and plain text.

    Server Catalog > Expressions tab


    Specifies a name for the user expression in the certificate server user directory.

    Enter a name.


    Specifies a value for the user expression in the certificate server user directory.

    Enter a value.

    Published: 2013-01-03