Hardware reference guide

GlobalProtect Administrator’s Guide
Set Up Administrative Access to the Mobile Security Manager Set Up the GlobalProtect Mobile Security Manager
Enable Certificate-Based Authentication for the Web Interface
As a more secure alternative to using a password to authenticate an administrative user, enable certificate-based
authentication for securing access to the Mobile Security Manager. With certificate-based authentication, a digital
signature is exchanged and verified in lieu of a password.
Use the following instructions to enable certificate-based authentication.

Create an Authentication Profile

Step 1 Create a server profile that defines how to connect to the authentication server.
  1. Select Setup > Server Profiles and then select the type of authentication service to connect to (LDAP, RADIUS, or Kerberos).
  2. Click Add and then enter a Name for the profile.
  3. Select the Administrator Use Only check box, if appropriate.
  4. Click Add to add a new server entry and enter the information required to connect to the service. For details on required field values for each type of service, refer to the online help.
  5. Click OK to save the server profile.

Step 2 Create an authentication profile.
  1. Select Setup > Authentication Profile and then click Add.
  2. Enter a user Name to identify the authentication profile.
  3. In the Authentication drop-down, select the type of authentication to use.
  4. Select the Server Profile you created in Step 1.

Step 3 Commit your changes.
  Click Commit.

Enable Certificate-Based Authentication

Step 1 Generate a CA certificate on the Mobile Security Manager.
  Note: If you want to use certificates from a trusted third-party or enterprise CA, you must import that CA certificate into the Mobile Security Manager so that it can trust the client certificates that you generate.
  To generate a CA certificate on the Mobile Security Manager:
  1. Log in to the Mobile Security Manager web interface.
  2. Select Setup > Certificate Management > Certificates and click Generate.
  3. Enter a Certificate Name, and add the IP address or FQDN that needs to be listed on the certificate in the Common Name field. Optionally, you can change the cryptographic settings and define certificate options such as country, organization, or state.
  4. Make sure to leave the Signed By option blank and select the Certificate Authority option.
  5. Click Generate to create the certificate using the details you specified above.
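
The choices in Step 1 (Signed By left blank, Certificate Authority selected, IP address or FQDN in Common Name) can be checked on the resulting certificate with OpenSSL. This is an added example, not part of the guide: it assumes the CA certificate is available as a PEM file, and because no real certificate is at hand it generates a constructed stand-in with the hypothetical name msm.example.com.

```shell
#!/bin/sh
# Added example (not from the guide): confirm a certificate is a self-signed CA.

# make_sample_cert DIR CN TRUE|FALSE
# Builds a throwaway self-signed certificate (constructed sample) standing in
# for the CA certificate generated in the web interface.
make_sample_cert() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $2
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/cert.key" -out "$1/cert.pem" 2>/dev/null
}

# check_ca_cert PEM EXPECTED_CN: returns 0 only if every property below holds.
check_ca_cert() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    # "Signed By" left blank: the certificate names itself as issuer.
    [ "$subject" = "$issuer" ] || { echo "not self-signed: issuer is $issuer" >&2; return 1; }
    # "Certificate Authority" selected: basicConstraints carries CA:TRUE.
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' \
        || { echo "basicConstraints is not CA:TRUE" >&2; return 1; }
    # The signature must verify against the certificate's own public key.
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 \
        || { echo "self-signature does not verify" >&2; return 1; }
    # Common Name is the IP address or FQDN entered in the Common Name field.
    [ "$subject" = "CN=$2" ] || { echo "unexpected subject: $subject" >&2; return 1; }
}

# Demo run on the constructed sample.
workdir=$(mktemp -d)
make_sample_cert "$workdir" "msm.example.com" TRUE
check_ca_cert "$workdir/cert.pem" "msm.example.com" \
    && echo "cert.pem: self-signed CA, Common Name matches"
rm -rf "$workdir"
```

To check a real certificate, call check_ca_cert with the path to its PEM file and the Common Name entered in the web interface.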