Certificate Authentication

You can use configure SSL client certificate authentication for Tenable Security Center user account authentication. Tenable Security Center supports:

• SSL client certificates
• smart cards
• personal identity verification (PIV) cards
• Common Access Cards (CAC)

Configuring certificate authentication is a multi-step process.

To fully configure SSL client certificate authentication for Tenable Security Center user accounts:

1. Configure Tenable Security Center to allow SSL client certificate authentication, as described in Configure Tenable Security Center to Allow SSL Client Certificate Authentication.
2. Configure Tenable Security Center to trust certificates from your CA, as described in Trust a Custom CA.
3. Add TNS-authenticated user accounts for the users you want to authenticate via certificate, as described in Add a TNS-Authenticated User.
4. (Optional) If you want to validate client certificates against a certificate revocation list (CRL), configure CRLs or OCSP in Tenable Security Center, as described in Configure a CRL in Tenable Security Center or Configure OCSP Validation in Tenable Security Center.

What to do next:

• Instruct users to log in to Tenable Security Center via certificate, as described in Log in to the Web Interface via SSL Client Certificate.