Certificate Authentication
You can use configure SSL client certificate authentication for Tenable Security Center user account authentication. Tenable Security Center supports:
- SSL client certificates
- smart cards
- personal identity verification (PIV) cards
- Common Access Cards (CAC)
Configuring certificate authentication is a multi-step process.
To fully configure SSL client certificate authentication for Tenable Security Center user accounts:
- Configure Tenable Security Center to allow SSL client certificate authentication, as described in Configure Tenable Security Center to Allow SSL Client Certificate Authentication.
- Configure Tenable Security Center to trust certificates from your CA, as described in Trust a Custom CA.
- Add TNS-authenticated user accounts for the users you want to authenticate via certificate, as described in Add a TNS-Authenticated User.
- (Optional) If you want to validate client certificates against a certificate revocation list (CRL), configure CRLs or OCSP in Tenable Security Center, as described in Configure a CRL in Tenable Security Center or Configure OCSP Validation in Tenable Security Center.
What to do next:
- Instruct users to log in to Tenable Security Center via certificate, as described in Log in to the Web Interface via SSL Client Certificate.