Client Consent Certificates and the ProxySG
Using Client Consent Certificates
You want information about using Client Consent Certificates.
The SSL Proxy, in forward proxy deployments, can specify whether a client certificate is required. These certificates are used for user consent, not for authentication. Whether they are needed depends upon local privacy laws.
With client consent certificates, each user is issued a pair of certificates with the corresponding private keys. Both certificates have a meaningful, user-readable string in the common name field. One certificate has a common name that indicates grant of consent, something like: "Yes, I agree to SSL interception". The other certificate has a common name indicating denial of consent, something like: "No, I do not agree to SSL interception".
Policy is installed on the ProxySG to look for these common names and to allow or deny actions. For example, when the string "Yes, I agree to SSL interception" is seen in the client certificate common name, the connection is allowed; otherwise, it is denied.
To Configure Client Consent Certificates:
1. Install the issuer of the client consent certificates as a CA certificate.
2. In VPM, configure the Require Client Certificate object in the Action column of the SSL Layer.
3. Configure the Client Certificate object in the Source column to match common names.
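The allow/deny rule described above can be modelled outside the appliance to test consent certificates before rollout. The following Python code is an added illustration, not ProxySG policy code and not part of the original article. It assumes the subject is supplied as an RFC 4514 string, that the caller has already validated the chain against the consent CA from step 1, and that the common name is compared by exact match; the function names are hypothetical.

```python
import re

# Consent strings as worded in the article; everything else here is illustrative.
ALLOW_CN = "Yes, I agree to SSL interception"
DENY_CN = "No, I do not agree to SSL interception"


def parse_dn(dn):
    """Parse an RFC 4514 subject string into (type, value) pairs.

    Honours backslash escapes, so the comma inside the consent CN does not
    split the value. Multi-valued RDNs ('+') are not split and end up inside
    the value, which then fails the exact match below (fail closed).
    """
    pairs, attr, buf, i = [], None, [], 0
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else ","  # virtual terminator flushes the last RDN
        if ch == "\\" and i + 1 < len(dn):
            hexpair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", hexpair):
                buf.append(chr(int(hexpair, 16)))  # e.g. \2C -> ',' (ASCII only)
                i += 3
            else:
                buf.append(dn[i + 1])  # e.g. \, -> ','
                i += 2
            continue
        if ch == "=" and attr is None:
            attr, buf = "".join(buf).strip().upper(), []
        elif ch == ",":
            if attr is not None:
                pairs.append((attr, "".join(buf).strip()))
            attr, buf = None, []
        else:
            buf.append(ch)
        i += 1
    return pairs


def consent_decision(presented, chains_to_consent_ca, subject_dn=""):
    """Allow only a validated certificate whose one and only CN is ALLOW_CN."""
    if not presented or not chains_to_consent_ca:
        return "deny"
    cns = [value for attr, value in parse_dn(subject_dn) if attr == "CN"]
    return "allow" if cns == [ALLOW_CN] else "deny"
```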
Imported Document ID: 000008552