Access: Adding a Client Certificate Account
The following describes how to add a new client certificate user account for the Software Appliance. Adding a new user account also allows you to remove the Initial OTP User to avoid security concerns.
You need to add at least one trusted CA (Certificate Authority) and the corresponding certificate before you can use a Client Certificate account.
Proceed as follows to create a new User Account for the Software Appliance:
- Log in to your Software Appliance and open the Access page.
- In the section User Accounts, click Add User Account.
- The corresponding form will open. Enter the required information.
- For Authentication Type, select the option Client Certificate.
- In Certificate Details the X.509 Match Type is already preselected.
The default and recommended match type in the list is the Certificate serial number.
- Specify the Match Value for the selected Match Type.
- Click Add User Account to confirm your entries. The new user appears in the list of User Accounts.
Notice!
Since the virtualization platform is often managed by a different person than the Software Appliance, you should remove the Initial OTP user once you have created a new user account in order to avoid security issues. As you are currently logged in with the Initial OTP user account, you need to re-login using the newly added user account before removing the initial account.
- Log out and then log back in with the newly created user account.
- Remove the Initial OTP user to avoid security issues, see Setup Steps Overview: Step 2 - Remove the OTP User.
Secure account management
- The Software Appliance prevents you from locking yourself out of the system.
For example:
- The Remove button is only active if you can still log into the Software Appliance after removing the account.
- For a client certificate account you need to add the correct Match Type for the first Match Value rule that you specify.
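The Match Value for the recommended Certificate serial number match type has to be read from the client certificate itself. The following is an added example, not part of the original documentation or the product: it extracts the serial number from a DER or PEM certificate with the Python standard library and returns it in the notations tools commonly display. The sample bytes are constructed, and which notation the Software Appliance form expects is not stated on this page, so that remains an assumption to verify.

```python
import base64

# Constructed sample: only the leading DER fields of a certificate (not a full one).
# SEQUENCE { SEQUENCE { [0] version=2, INTEGER serial=00 A1 B2 C3 D4 } }
SAMPLE_V3 = bytes.fromhex("300E300CA003020102020500A1B2C3D4")
SAMPLE_V1 = bytes.fromhex("30093007020500A1B2C3D4")  # same, without version field

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def pem_to_der(pem_text):
    """Drop the PEM armor lines and decode the base64 body."""
    body = [l.strip() for l in pem_text.splitlines() if "-----" not in l]
    return base64.b64decode("".join(body))

def certificate_serial(der):
    """Return the serialNumber of a DER-encoded certificate as an int."""
    pos = 0
    for name in ("Certificate", "TBSCertificate"):
        tag, pos, _ = _read_tlv(der, pos)
        if tag != 0x30:
            raise ValueError(name + " is not a SEQUENCE")
    tag, start, end = _read_tlv(der, pos)
    if tag == 0xA0:  # optional [0] EXPLICIT version, absent in v1 certificates
        tag, start, end = _read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[start:end], "big", signed=True)

def serial_notations(serial):
    """Same serial in decimal, plain hex and colon-separated hex."""
    h = format(serial, "X")
    h = "0" + h if len(h) % 2 else h  # pad to whole bytes
    pairs = [h[i:i + 2] for i in range(0, len(h), 2)]
    return {"decimal": str(serial), "hex": h, "hex_colon": ":".join(pairs)}

if __name__ == "__main__":
    print(serial_notations(certificate_serial(SAMPLE_V3)))
```

The leading `00` byte in the sample is DER sign padding and is not part of the serial value, which is one reason the same certificate can show different-looking serials in different tools.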