From the authentication's point of view, device certificate authentication is basically Certificate Based Authentication (CBA).
Certificate Based Authentication (CBA) is a mutual certificate based authentication, where the client provides its Client Certificate to the Server to prove its identity. A client certificate is issued by a certificate authority (CA). DualShield has a built-in Root CA and it will use its built-in CA to issue device certificates.
To set up device certificate authentication in DualShield, we need to complete the steps below
Import the Root CA
In the DualShield Admin Console, navigate to "Repository | Certificates | Certificate Authority"
Click the "Import Root CA" button on the toolbar.
The Root CA should appear in the Certificate Authorities list as shown bellow:
Enable Client Authentication on the Root CA
Edit the Root CA
Enable the "Client Authentication" option.
Click "Save"
Add domains to the Root CA
In the Root CA's context menu, select "Domains"
Select the domains that will use the Root CA to issue device certificates.
Click "Save"
Update Trusted Store
After making changes to the CA certificates that are used for device or client certificate authentication, we need to update the Trusted Store.
Click the "Update Trusted Store" button on the toolbar
Restart DualShield service
Finally, we must restart the DualShield service.