How to Use PKI Certificate Authentication With Linux and Mac OS X Connect Tunnel Client
This article describes the steps that need to be followed on a Linux or Mac OS X machine to configure a Connect Tunnel Client for PKI authentication. This article will discuss how to do the following:
Configure the client to connect to an appliance.
Import the client certificate into the client.
Connect to the appliance.
Screenshots in this article were taken from a Linux client. The UI is nearly identical for the Mac OS X Connect Tunnel client.
Configure the client to connect to an appliance
Launch the Connect Tunnel Client. For Linux users, launch the GUI mode client by using the startctui command.
From the Configuration dropdown menu, select Create/Edit Configuration...
In the configuration window that's displayed, the VPN Configurations option will be selected.
Click on the + near the lower left corner of the window to add a new configuration.
Enter a name for the configuration.
Enter a Host name for the configuration.
Click Change to pull down a list of realms, as shown in the screenshot below:
From the list, click on your realm that performs PKI authentication.
Click the Save button in the lower right corner of the window.
Do not click the Close button. You'll now need to import your client certificate.
Import the client certificate into the client
The Connect Tunnel client contains its own user certificate repository independent of any other repository on the system. This client does not integrate with the Mac OS X Keychain. To import a client certificate, follow the steps below.
From the configurations window, select the dropdown menu near the upper left of the window and select Import Certificates.
Another window will display and will show you which certificates you have already imported into the client's local repository.
Click the Import button at the bottom of the window to import your user certificate.
In the following dialog window that pops up, browse to your certificate file, select it, and click the Select button.
Note: Your certificate file will typically be in PKCS #12 format, ending in a .pfx extension.
If prompted, enter the password for the certificate.
You will now be returned to the previous window. Double-click Repository to view the certificates in it.
Click the Close button to return to the configuration screen and then click the Close button there to return to the main login screen.
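Because the client keeps its own repository and a PKCS #12 file carries the private key along with the certificate, it is worth checking the .pfx before importing it. The following is an added example, not part of the original article or the vendor's tooling: it assumes the openssl command-line tool is installed, and the function name check_pfx and the PFX_PASS environment variable are names chosen for this example.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS #12 (.pfx) file before importing it.
# The password is read from the PFX_PASS environment variable (a name chosen
# for this example) so that it does not appear on the command line.
check_pfx() {
    pfx=$1
    rc=0
    [ -r "$pfx" ] || { echo "FAIL: cannot read $pfx" >&2; return 2; }

    # The file holds the private key, so only its owner should be able to read it.
    if [ -n "$(find "$pfx" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "WARN: $pfx is readable by group or others (chmod 600 recommended)"
        rc=1
    fi

    # Extract the client certificate only; this fails on a wrong password
    # or on a file that is not PKCS #12.
    cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null) \
        || { echo "FAIL: wrong password or not a PKCS #12 file" >&2; return 3; }
    case $cert in
        *"BEGIN CERTIFICATE"*) ;;
        *) echo "FAIL: no client certificate in file" >&2; return 4 ;;
    esac

    # PKI authentication needs the matching private key in the same file.
    # The key is only piped to grep; it is never written to disk.
    if openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | grep -q "PRIVATE KEY"; then
        echo "OK: private key present"
    else
        echo "FAIL: no private key in file"; rc=1
    fi

    # Show who the certificate identifies and when it expires.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -enddate

    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null \
        || { echo "FAIL: certificate has expired"; rc=1; }

    # The certificate must be acceptable for TLS client authentication.
    printf '%s\n' "$cert" | openssl x509 -noout -purpose | grep -q "SSL client : Yes" \
        || { echo "FAIL: certificate not valid for client authentication"; rc=1; }

    return $rc
}
```

A return value of 0 means every check passed; 1 means the file was readable but at least one check failed or produced a warning.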
Connect to the appliance
From the Configuration dropdown menu, select the configuration you created earlier.
From the Certificate section, click Select. The certificate repository window will display. Double-click Repository to load the certificate.
Click Close. Your certificate should now be available in the Certificate dropdown menu.
You can now click Connect and authenticate to your appliance.