Configure Tenable Security Center to Allow SSL Client Certificate Authentication
You must configure the Tenable Security Center server to allow SSL client certificate connections. For complete information about certificate authentication, see Certificate Authentication.
To allow SSL client certificate authentication:
-
Open the /opt/sc/support/conf/sslverify.conf file in a text editor.
-
Edit the SSLVerifyClient setting:
Value
Description
none (default)
Tenable Security Center does not accept SSL certificates for user authentication.
require
Tenable Security Center requires a valid SSL certificate for user authentication.
optional
Tenable Security Center accepts but does not require a valid SSL certificate for user authentication.
If a user does not present a certificate, they can log in via username and password.
Note: Some browsers may not connect to Tenable Security Center when you use the optional setting.
optional_no_ca
Tenable Security Center accepts valid and invalid SSL certificates for user authentication.
Tip: This setting does not configure reliable user authentication, but you can use it to troubleshoot issues with your SSL connection and determine whether there is an issue with the key or the CA.
-
Edit the SSLVerifyDepth setting to specify the length of the certificate chain you want Tenable Security Center to accept for user authentication. For example:
-
When set to 0, Tenable Security Center accepts self-signed certificates.
-
When set to 1, Tenable Security Center does not accept intermediate certificates. Tenable Security Center accepts self-signed certificates or certificates signed by known CAs.
-
When set to 2, Tenable Security Center accepts up to 1 intermediate certificate. Tenable Security Center accepts self-signed certificates, certificates signed by known CAs, or certificates signed by unknown CAs whose certificate was signed by a known CA.
-
-
Save the file.
Tenable Security Center saves your configuration.