Certificate Authentication

You can use configure SSL client certificate authentication for Tenable Security Center Director user account authentication. Tenable Security Center Director supports:

• SSL client certificates
• smart cards
• personal identity verification (PIV) cards
• Common Access Cards (CAC)

Configuring certificate authentication is a multi-step process.

To fully configure SSL client certificate authentication for Tenable Security Center Director user accounts:

1. Configure Tenable Security Center Director to allow SSL client certificate authentication, as described in Configure Tenable Security Center Director to Allow SSL Client Certificate Authentication.
2. Configure Tenable Security Center Director to trust certificates from your CA, as described in Trust a Custom CA.
3. Add TNS-authenticated user accounts for the users you want to authenticate via certificate, as described in Add a TNS-Authenticated User.
4. (Optional) If you want to validate client certificates against a certificate revocation list (CRL), configure CRLs or OCSP in Tenable Security Center Director, as described in Configure a CRL in Tenable Security Center Director or Configure OCSP Validation in Tenable Security Center Director.

What to do next:

• Instruct users to log in to Tenable Security Center Director via certificate, as described in Log in to the Web Interface via SSL Client Certificate.