Certificate Enhancements
On Remote Access VPN Windows Clients you can:
- Display the Friendly Name for a certificate.
- Filter certificates according to the Enhanced Key Usage attribute (certificates without client authentication are not shown).
- Choose not to show expired certificates in the certificate selection list.
- Show a .
Configure these features in the trac_client_1.ttm configuration file.
To configure the new functionality:
In the trac_client_1.ttm configuration file, configure these parameters:
| Parameter | Description |
|---|---|
| | Valid values: 0 and 1 (default). Make sure it is set to 1 to show the Friendly Name. |
| | Valid values: 0 (default) and 1. Make sure it is set to 0 to not show expired certificates in the certificate selection list. |
| | Valid values: 0 and 1 (default). Make sure it is set to 1 to only show certificates that have Client Authentication as part of their extended key usage. |
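
To predict which certificates a user will see in the selection list with these settings, an administrator can audit the certificate store on the Windows client. The script below is an added example, not vendor code; it assumes the client lists certificates from the current user's Personal store (Cert:\CurrentUser\My), which this page does not state.

```powershell
# Added example (not vendor code). Assumption: the VPN client lists certificates
# from the current user's Personal store, Cert:\CurrentUser\My.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs from the certificate's EKU extension, if it has one.
    $ekuOids = @(
        $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
    )

    $hasClientAuth = $ekuOids -contains $clientAuthOid
    $expired       = $cert.NotAfter -lt $now
    $name = if ($cert.FriendlyName) { $cert.FriendlyName } else { '(no friendly name)' }

    [pscustomobject]@{
        FriendlyName  = $name
        Subject       = $cert.Subject
        ClientAuthEku = $hasClientAuth
        Expired       = $expired
        DaysLeft      = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        # Expected to be listed when the EKU filter is on (1) and
        # expired certificates are hidden (0), as in the table above.
        Listed        = $hasClientAuth -and -not $expired
    }
} | Sort-Object DaysLeft | Format-Table -AutoSize
```

A certificate with no EKU extension at all is reported here as ClientAuthEku = False; how the client treats such certificates is not stated on this page, so verify that case on a test machine.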
Warning When the Certificate is About to Expire
On Remote Access VPN Windows Clients you can show a notification to the user when a certificate is about to expire.
If you show this notification, the certificate is not renewed automatically.
If the user does not renew the certificate, then after the certificate expires the user will not be allowed to connect to protected resources.
The option to show the warning message is disabled by default.
To configure a warning to the user that the certificate is about to expire:
- Edit the $FWDIR/conf/trac_client_1.ttm file on the Security Gateway.
- Set the value of the attribute certificate_renewal_warning_only to true. If the property does not exist, create it.
- Save the file.
- Install the policy on the Security Gateway.
Changes are applied the next time that the user connects.