Page History

From the authentication's point of view, device certificate authentication is basically Certificate Based Authentication (CBA). 

Include PageSet up Certificate Based AuthenticationSet up Certificate Based Authentication (CBA) is a mutual certificate based authentication, where the client provides its Client Certificate to the Server to prove its identity. A client certificate is issued by a certificate authority (CA). DualShield has a built-in Root CA and it will use its built-in CA to issue device certificates.

To set up device certificate authentication in DualShield, we need to complete the steps below

Import the Root CA

In the DualShield Admin Console, navigate to "Repository | Certificates | Certificate Authority" 

Click the "Import Root CA" button on the toolbar.

The Root CA should appear in the Certificate Authorities list as shown bellow:

Image Added

Enable Client Authentication on the Root CA

Edit the Root CA

Image Added

Image Added

Enable the "Client Authentication" option.

Click "Save"

Add domains to the Root CA

In the Root CA's context menu, select "Domains"

Image Added

Image Added

Select the domains that will use the Root CA to issue device certificates.

Click "Save"

Update Trusted Store

After making changes to the CA certificates that are used for device or client certificate authentication, we need to update the Trusted Store.

Click the "Update Trusted Store" button on the toolbar

Image Added

Image Added

Restart DualShield service

Finally, we must restart the DualShield service.