Requiring Authentication

Requiring Client Certificates for Authentication

If you want additional authentication, you can configure the Access Gateway to require client certificates for authentication.

The Access Gateway can authenticate a client certificate that is stored in either of these locations:

- In the certificate store of the Windows operating system on a client computer. In this case, the client certificate is installed separately in the certificate store using the Microsoft Management Console.

- In a smart card or a hardware token. In this case, the certificate is embedded within the smart card and read from a smart card reader attached to the network.

Note: The Access Gateway is configured in the same way regardless of whether the certificates are stored in the Windows operating system or on a smart card. No special configurations are required to support client certificates stored in either of these locations.

If clients are connecting using kiosk mode or from a Linux computer, client side certificates are not supported. If client certificates are enabled in the Access Gateway, Linux Clients and kiosk mode do not work.

If you configure the Access Gateway to require client certificates, every user who logs on through the Access Gateway must present a secure client certificate. The certificate can originate from the certificate store in Windows or a smart card.