To configure certificate authentication for the web console, you will also need to configure certificate authentication for API access. Both of these tasks are outlined in the next section.
After you make the necessary configuration settings in Trust Protection Platform, you need to configure Microsoft IIS Manager to accept certificate authentication. For specific steps, see the following procedures.
- From the Platform menu bar, click Venafi Servers.
Click on the Authentication tab.
Check the box for Certificate Authentication.
This enables certificate authentication for the web console. In the next steps, you will configure the specific settings by enabling and configuring certificate authentication for API users.
- From the Platform menu bar, click API > Default Settings.
In the Authentication section, check the box for Certificate.
Fields specific for certificate authentication are shown.
In the Location field, select field on the X.509 certificate you want to use for matching users with your system's unique identities.
In the Trusted certificate authorities field, select which CA(s) you want to use as trusted root CAs for issuing client certificate for authentication.
Use the check boxes to select multiple CAs if needed.
- Log out of Venafi Platform.
Log back in to Venafi Platform.
You should see the status message A valid certificate credential is required to log in.
Now that certificate authentication has been enabled and configured for web console access, need to configure some settings in IIS.
- Open Server Manager on the Venafi server.
- Click Tools.
- Click Internet Information Services (IIS) Manager.
- Navigate to Sites > Venafi > Aperture.
- Click SSL Settings.
Select Require SSL, and then under Client Certificates, select Require.
- Click Apply.