Configure Tenable Security Center Director to Allow SSL Client Certificate Authentication

You must configure the Tenable Security Center Director server to allow SSL client certificate connections. For complete information about certificate authentication, see Certificate Authentication.

To allow SSL client certificate authentication:

  1. Open the /opt/sc/support/conf/sslverify.conf file in a text editor.

  2. Edit the SSLVerifyClient setting:

    Value

    Description

    none (default)

    Tenable Security Center Director does not accept SSL certificates for user authentication.

    require

    Tenable Security Center Director requires a valid SSL certificate for user authentication.

    optional

    Tenable Security Center Director accepts but does not require a valid SSL certificate for user authentication.

    If a user does not present a certificate, they can log in via username and password.

    Note: Some browsers may not connect to Tenable Security Center when you use the optional setting.

    optional_no_ca

    Tenable Security Center Director accepts valid and invalid SSL certificates for user authentication.

    Tip: This setting does not configure reliable user authentication, but you can use it to troubleshoot issues with your SSL connection and determine whether there is an issue with the key or the CA.

  3. Edit the SSLVerifyDepth setting to specify the length of the certificate chain you want Tenable Security Center Director to accept for user authentication. For example:

    • When set to 0, Tenable Security Center Director accepts self-signed certificates.

    • When set to 1, Tenable Security Center Director does not accept intermediate certificates. Tenable Security Center Director accepts self-signed certificates or certificates signed by known CAs.

    • When set to 2, Tenable Security Center Director accepts up to 1 intermediate certificate. Tenable Security Center Director accepts self-signed certificates, certificates signed by known CAs, or certificates signed by unknown CAs whose certificate was signed by a known CA.

  4. Save the file.

    Tenable Security Center Director saves your configuration.