The device authentication is carried out in parallel to the user authentication. In DualShield, we need to create a separate database to keep device certificates and to create a separate logon procedure. 

  1. Create a new logon procedure



    In this logon procedure, add a logon step with "certificate" as the only authenticator



  2. Create a new application
    We will use the Application Wizard to create a new application







  3. Bind the new logon procedure to the new application



  4. Register a new Radius Client


  5. Create a new user
    1. Click "Directory | Users" in the main menu
    2. Select "NetMotion - Devices" domain in the left panel
    3. Click "Create" on the toolbar in the right panel



    Enter the Login Name in the form of "host/xxx", where "xxx" is the subject CN of the device certificate, e.g. "demo.test", the rest fields in the form are insignificant.

  6. Import device cerficate

    1. Select "Certificate" in the context menu



    2. Click "Import Certificate" button on the toolbar


      Import the device certificate (PEM format, no private key)