
"Check Device Certificate" as a SmartAccess policy condition possible?


John Shinoz


Hi, 

 

I have a need to apply a different NetScaler Gateway Session Policy to company-issued laptops, which shall be identified by checking for an Internal CA issued machine certificate. So far I can only check for this kind of certificate (not a User Certificate) by enabling the "Check Device Certificate" attribute of the Access Gateway virtual server. The problem with that is that if a device fails to present such a certificate, it will be denied access altogether.

 

Is it possible to enable Device Certificate checking using a Post Authentication policy, similar to how other SmartAccess conditions are checked, e.g. Antivirus, Registry key etc.? Any suggestions are much appreciated.

 

Thanks very much in advance,

 

John


  • 4 months later...

See here: https://docs.citrix.com/en-us/netscaler-gateway/12/install/certificate-management/using-device-certificates.html.  They can be used in EPA with Pre-Checks here: https://support.citrix.com/article/CTX200290.  If you want users who "Fail" device certificate checks to proceed with a secondary factor of authentication, check out nFactor with certificates.  A blog post about it is here: http://www.jgspiers.com/nfactor-authentication-with-netscaler-gateway/


  • 10 months later...
On 5.12.2017 at 4:50 PM, Jonathan Clark1709155079 said:

If you want users who "Fail" device certificate checks to proceed with a secondary factor of authentication, check out nFactor with certificates

 

That's not quite right, nFactor can (currently) only realize such a scenario with user-certificates!

Source: https://support.citrix.com/article/CTX231256


  • 2 years later...
  • 1 year later...

Hi, I have a need to apply a different NetScaler Gateway Session Policy to company-issued laptops, which shall be identified by checking for an Internal CA issued machine certificate. So far I can only check for this kind of certificate (not a User Certificate) by enabling the "Check Device Certificate" attribute of the Access Gateway virtual server. The problem with that is that if a device fails to present such a certificate, it will be denied access altogether. Is it possible...?? Getting from this https://support.citrix.com/article/CTX231256

 

Charter Panorama
