Device authentication is carried out in parallel with user authentication. In DualShield, this requires a separate database to hold the device certificates and a separate logon procedure.
- Create a new logon procedure
In this logon procedure, add a logon step with "certificate" as the only authenticator
- Create a new application
We will use the Application Wizard to create a new application
- Bind the new logon procedure to the new application
- Register a new Radius Client
- Create a new user
- Click "Directory | Users" in the main menu
- Select "NetMotion - Devices" domain in the left panel
- Click "Create" on the toolbar in the right panel
Enter the Login Name in the form "host/xxx", where "xxx" is the subject CN of the device certificate, e.g. "demo.test". The remaining fields in the form are insignificant.
- Import the device certificate
Select "Certificate" in the context menu
Click the "Import Certificate" button on the toolbar
Import the device certificate (PEM format, no private key)
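Before creating the user and importing the file, it helps to confirm that the PEM holds only a certificate and to read the Login Name straight from its subject CN. The script below is an added example, not part of DualShield; it assumes the `openssl` command-line tool is installed, and the function name `device_login_name` is hypothetical.

```shell
#!/bin/sh
# Added example: pre-import check for a DualShield device certificate.
# Usage: sh device_login_name.sh device-cert.pem
# The function name and messages are illustrative, not part of DualShield.

device_login_name() {
    pem=$1

    if [ ! -r "$pem" ]; then
        echo "error: cannot read $pem" >&2
        return 1
    fi

    # The import step expects the certificate only. Refuse any PEM bundle
    # that also carries a key block (PRIVATE KEY, RSA/EC PRIVATE KEY,
    # ENCRYPTED PRIVATE KEY) so key material never leaves the device.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "error: $pem contains a private key; export the certificate only" >&2
        return 1
    fi

    # Confirm the file really parses as a PEM X.509 certificate.
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "error: $pem is not a PEM-encoded X.509 certificate" >&2
        return 1
    fi

    # "multiline" prints one subject attribute per line, so a CN that
    # contains commas or slashes is not split. The first CN is used.
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | head -n 1)

    if [ -z "$cn" ]; then
        echo "error: certificate subject has no CN" >&2
        return 1
    fi

    # Login Name format from the procedure above: host/<subject CN>
    printf 'host/%s\n' "$cn"
}

if [ "$#" -gt 0 ]; then
    device_login_name "$1"
fi
```

The printed value is what goes into the Login Name field; a non-zero exit means the file should not be imported as it stands.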