Add certificate authentication attributes to a DAP record

Adding certificate authentication attributes to a DAP allows you to control access based on specific certificate fields such as subject, issuer, and serial number.

You can index each certificate so that the configured rules can reference any of the received certificates. Based on these certificate fields, you can configure DAP rules to allow or disallow connection attempts.

Note

This configuration applies only to certificates used with multiple certificate authentication. It does not apply to single client certificate authentication.

Procedure


Step 1

Choose Secure Connections > Dynamic Access Policy.

Step 2

Create or edit a DAP record.

Step 3

Click the Endpoint Criteria tab and click Multiple Certificate Authentication.

Step 4

Select the Match criteria as All or Any.

Step 5

Click + to add certificate authentication criteria.

In the Multiple Certificate Authentication Criteria dialog box, configure these parameters:

  1. Select the Cert1 or Cert2 certificate.

  2. Select the Subject and specify the subject value.

  3. Select the Issuer and specify the issuer value.

  4. Select the Subject Alternate Name and specify the subject value.

  5. Specify the Serial Number.

  6. Choose the Certificate Store as None, Machine, or User.

    The VPN client sends the certificate store information.

  7. Click Save.