Applies to:
Venafi Trust Protection Platform 14.1+
Summary:
Enable certificate authentication in Trust Protection Platform
- Log in to the Web Administration Console.
- In the Platforms tree, make sure the root Platform object is highlighted and click the Authentication tab.
- Check "Certificate Authentication".
- Click Apply.
- Log out of the Web Administration Console.
- Launch the Web Administration Console. You should see the status message "A valid certificate credential is required to log in."
Configure IIS Manager to accept certificate authentication
1. Open Administrative Tools.
2. Click IIS Manager.
3. Navigate to the top-level Venafi site.
4. Click VEDAdmin.
5. Click SSL Settings.
6. Select Require SSL and, under Client Certificates, select Require.
7. Repeat steps 5 and 6 for Aperture.
Requirements for Authentication Certificate:
- Must be issued by the same certificate authority that issued the VOC (Venafi Operational Certificate). The VOC is the certificate used within IIS to enable HTTPS for Venafi web consoles and other web services.
- The Common Name of the certificate must contain your username. Venafi uses it to locate your account in the identity system (e.g., Active Directory) and to assign appropriate permissions to the user session.
- Your certificate must have the key usage of "Client Authentication".
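The three requirements above can be checked before a certificate is handed to a user. The following PowerShell is an added example, not Venafi's code: `Test-AuthCertificate`, `New-TestCert`, the user `jsmith` and the host `tpp.example.test` are hypothetical names, and the test certificates are constructed in memory. It assumes PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later, and it treats "same certificate authority" as a matching issuer name, looking for "Client Authentication" in the certificate's Enhanced Key Usage extension (OID 1.3.6.1.5.5.7.3.2).

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'  # "Client Authentication" enhanced key usage
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'  # "Server Authentication" enhanced key usage

function Test-AuthCertificate {
    param([X509Certificate2]$Certificate, [X509Certificate2]$Voc, [string]$UserName)
    # SimpleName returns the subject's Common Name when one is present.
    $cn = $Certificate.GetNameInfo([X509NameType]::SimpleName, $false)
    $cnMatch = $UserName -and $cn.IndexOf($UserName, [StringComparison]::OrdinalIgnoreCase) -ge 0
    $ekus = @($Certificate.Extensions |
        Where-Object { $_ -is [X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    [pscustomobject]@{
        Subject         = $Certificate.Subject
        # Compares issuer names only; it does not build or verify the chain.
        SameIssuerAsVoc = $Certificate.Issuer -eq $Voc.Issuer
        CnHasUserName   = $cnMatch
        HasClientAuth   = $ekus -contains $ClientAuthOid
    }
}

# Constructed test data, built in memory: nothing is written to a certificate store.
function New-TestCert([string]$Subject, [string]$EkuOid, [X509Certificate2]$Issuer) {
    $req = [CertificateRequest]::new($Subject, [RSA]::Create(2048),
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    if ($EkuOid) {
        $oids = [OidCollection]::new()
        [void]$oids.Add([Oid]::new($EkuOid))
        $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
    }
    $from = [DateTimeOffset]::UtcNow.AddMinutes(-5)
    if ($Issuer) {
        return $req.Create($Issuer, $from, $from.AddDays(1), [Guid]::NewGuid().ToByteArray())
    }
    $req.CreateSelfSigned($from, $from.AddDays(2))
}

$ca    = New-TestCert 'CN=Example Issuing CA'
$voc   = New-TestCert 'CN=tpp.example.test' $ServerAuthOid $ca
$good  = New-TestCert 'CN=jsmith' $ClientAuthOid $ca
$rogue = New-TestCert 'CN=jsmith' $ServerAuthOid      # self-signed, wrong usage

$good, $rogue | ForEach-Object { Test-AuthCertificate $_ $voc 'jsmith' } | Format-List
```

For real certificates, pass `X509Certificate2` objects read from the `Cert:` drive in place of the constructed ones.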