Managing Authentication Portal Service

You can manage the authentication portal’s certificate, which is used to authenticate users who want to access web resources.
NOTICE
Saving the configuration performed in this procedure restarts the authentication service.
It is recommended to perform this operation during non-work time.

Procedure

  1. Go to Administration > System Settings > Authentication portal service.
  2. Specify the authentication portal FQDN. End users are redirected to this FQDN for authentication when they access web sites. If the authentication portal FQDN is not specified, Deep Discovery Web Inspector uses the hostname by default.
    Note
    Administrators must add correct DNS records for the authentication portal’s FQDN.
    • By default, add the IP address of eth0 as the DNS record that resolves the authentication FQDN.
    • If a dedicated interface is configured for the authentication service, add the IP address of eth2 as the resolving record in bridge mode, or the IP address of eth4 in proxy mode.
    • If users want to import their own certificate and private key, the FQDN entered must match the subject alternative name or common name in the certificate.
  3. Under Assign certificate, select one of the following:
    The certificate is used to sign an endpoint certificate for the Captive Portal.
    • Assign by importing certificate: To import a certificate manually.
    • Assign by HTTPS policy: To use the CA certificate from a specified HTTPS Inspection policy.
    Important
    Before selecting and configuring an authentication certificate using the Assign by HTTPS policy option, ensure that the CA certificate of the selected HTTPS Inspection policy is installed on client machines. This ensures that clients/browsers can build a complete certificate chain, thus avoiding authentication failures.
  4. Perform the appropriate steps, depending on the method of certificate assignment.
    Method: Assign by importing certificate
    1. Select the Import type:
      • PEM/DER
        The certificate file is in PEM or DER file format.
      • PKCS7
        The certificate file is in P7B or PKCS#7 file format.
      • PKCS12
        The certificate file is in PFX or PKCS#12 file format.
    2. In Certificate, browse and choose the certificate file.
    3. For the PEM/DER and PKCS7 formats: In Private key, browse and choose the private key file for the certificate file.
    4. Enter the password of the private key and then confirm it.
    5. Click Verify Certificate to verify that the certificate is valid.
    Method: Assign by HTTPS policy
    1. In Assign from HTTPS policies, select the HTTPS Inspection policy with the CA certificate that will be used to sign an endpoint certificate for authentication.
    2. Verify that the correct HTTPS Inspection policy is selected.
    Note
    When using the CA certificate from an HTTPS Inspection certificate to sign an endpoint certificate:
    • CommonName = authentication portal FQDN of Deep Discovery Web Inspector appliance
    • Signature algorithm: sha256RSA
    • Subject Alternative Name: DNS Name = authentication portal FQDN of Deep Discovery Web Inspector appliance
  5. Click Save.
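
Before importing your own certificate, you can check on a workstation that it covers the portal FQDN, pairs with the private key, and has not expired. The script below is an added example built on the OpenSSL command line, not part of the product or its documentation; it assumes PEM files, and portal.example.test and the file names are constructed placeholders.

```shell
#!/bin/sh
# Pre-import checks for an authentication portal certificate (added example).
# portal.example.test and the file names are constructed placeholders.

# True if the certificate's SAN (or CN, when it has no DNS SAN) covers the FQDN.
cert_matches_fqdn() {   # cert_matches_fqdn CERT.pem FQDN
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# True if the private key and the certificate carry the same public key.
# An encrypted key makes openssl prompt for its password.
key_matches_cert() {    # key_matches_cert CERT.pem KEY.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs every check and reports each result; fails if any check fails.
preflight() {           # preflight CERT.pem KEY.pem FQDN
    rc=0
    cert_matches_fqdn "$1" "$3" || { echo "FAIL: $3 not in SAN/CN"; rc=1; }
    key_matches_cert "$1" "$2"  || { echo "FAIL: key does not match cert"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired or unreadable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 is ready to import for $3"
    return "$rc"
}

# Demo input: a throwaway self-signed certificate (constructed, valid one day).
make_demo_cert() {      # make_demo_cert DIR FQDN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/portal.key" -out "$1/portal.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" portal.example.test
preflight "$demo_dir/portal.pem" "$demo_dir/portal.key" portal.example.test
# The second call uses an FQDN the certificate does not cover, so it reports FAIL.
preflight "$demo_dir/portal.pem" "$demo_dir/portal.key" auth.example.test ||
    echo "(expected: FQDN mismatch)"
rm -rf "$demo_dir"
```

For your own files, call preflight with the certificate, the private key, and the FQDN entered in step 2.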