Hardware reference guide

GlobalProtect Administrator’s Guide
Set Up GlobalProtect User Authentication
Set Up the GlobalProtect Infrastructure
Step 2 Import the Root CA certificate that issued the client certificates contained on the end user smart cards.
Make sure the certificate and key files are accessible from your management system and that you have the passphrase to decrypt the private key, and then complete the following steps:
1. Select Device > Certificate Management > Certificates > Device Certificates.
2. Click Import and enter a Certificate Name.
3. Enter the path and name to the Certificate File received from the CA, or Browse to find the file.
4. Select Encrypted Private Key and Certificate (PKCS12) as the File Format.
5. Select the Import private key check box.
6. Enter the path and name to the PKCS#12 file in the Key File field or Browse to find it.
7. Enter and re-enter the Passphrase that was used to encrypt the private key and then click OK to import the certificate and key.

Step 3 Create the certificate profile.
Note: For details on other certificate profile fields, such as whether to use CRL or OCSP, refer to the online help.
Create the certificate profile on each portal/gateway on which you plan to use CAC/smart card authentication:
1. Select Device > Certificate Management > Certificate Profile and click Add and enter a profile Name.
2. Make sure the Username Field is set to None.
3. In the CA Certificates field, click Add, select the trusted root CA Certificate you imported in Step 2 and then click OK.
4. Click OK to save the certificate profile.

Step 4 Assign the certificate profile to the GlobalProtect gateway(s) and/or portal.
This section only describes how to add the certificate profile to the gateway or portal configuration. For details on setting up these components, see Configure GlobalProtect Gateways and Configure the GlobalProtect Portal.
1. Select Network > GlobalProtect > Gateways or Portals and select the configuration (or click Add to add one).
2. On the General tab (on the gateway) or the Portal Configuration tab (on the portal), select the Certificate Profile you just created.
3. Enter an Authentication Message to guide users as to which authentication credentials to use.
4. Click OK to save the configuration.

Step 5 Save the configuration.
Click Commit.

Step 6 Verify the configuration.
From a client system running the GlobalProtect agent, try to connect to a gateway or portal on which you set up smart card-enabled authentication. When prompted, insert your smart card and verify that you can successfully authenticate to GlobalProtect.
Enable Smart Card Authentication (Continued)
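
Before importing the root CA in Step 2 and referencing it in the certificate profile in Step 3, it is worth confirming that the file is a CA certificate, has not expired, and issued the certificates on the smart cards. The script below is an added example and not part of the guide; it assumes OpenSSL on the management system and PEM-encoded files, the helper and file names are hypothetical, and the sample certificates are constructed.

```shell
#!/bin/sh
# Added example, not from the guide. Helper and file names are assumptions.

# check_root_ca CA_PEM CLIENT_PEM
# returns 0 ok, 1 unreadable, 2 not a CA, 3 expired, 4 did not issue CLIENT_PEM
check_root_ca() {
    ca=$1; client=$2
    openssl x509 -in "$ca" -noout 2>/dev/null ||
        { echo "FAIL: $ca is not a PEM certificate"; return 1; }
    # A certificate used as a trust anchor must carry basicConstraints CA:TRUE.
    openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: $ca is not a CA certificate"; return 2; }
    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$ca" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: $ca has expired"; return 3; }
    # The smart card certificate must name this CA as issuer and verify against it.
    ca_subject=$(openssl x509 -in "$ca" -noout -subject)
    issuer=$(openssl x509 -in "$client" -noout -issuer 2>/dev/null) || issuer=
    if [ "${issuer#issuer=}" != "${ca_subject#subject=}" ] ||
       ! openssl verify -CAfile "$ca" "$client" >/dev/null 2>&1; then
        echo "FAIL: $client was not issued by $ca"; return 4
    fi
    echo "OK: $ca is a valid CA and issued $client"
}

# make_ca DIR NAME: constructed self-signed root CA (sample data, not a real CA).
make_ca() {
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n' > "$1/$2.cnf"
    printf '[dn]\nCN=%s\n[ext]\nbasicConstraints=critical,CA:TRUE\n' "$2" >> "$1/$2.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/$2.cnf" -days 30 \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client DIR CA_NAME USER: constructed client certificate signed by CA_NAME.
make_client() {
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$3" > "$1/$3.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/$3.cnf" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.pem" 2>/dev/null
}

# Demo on constructed sample certificates in a temporary directory.
demo_dir=$(mktemp -d)
make_ca "$demo_dir" SampleRootCA && make_client "$demo_dir" SampleRootCA sample-user
check_root_ca "$demo_dir/SampleRootCA.pem" "$demo_dir/sample-user.pem"
```

A non-zero return from check_root_ca means the file should not be imported as the trusted root for the certificate profile until the mismatch is explained.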