Authenticating Access To The Manager Using Cac - McAfee M3050 - Network Security Platform Installation Manual

Version 6.0

McAfee® Network Security Platform 6.0
Starting the Manager/Central Manager

Java Runtime Engine: You must install this plug-in to view objects in the Central Manager Home page and other areas of the Central Manager program, such as the Custom Attack Editor.

You can opt to display your company's logo and accompanying text on the Central Manager Login page. For details, see Adding a Logon Banner, Manager Server Configuration Guide.

Authenticating Access to the Manager using CAC

Common Access Card (CAC) is a smart card used for general identification and for authenticating user access to secure networks. A CAC holds a unique digital certificate and user information such as a photograph, personal identification number (PIN), and signature to identify each user. Network Security Platform provides the option of authenticating users who try to log on to the Manager based on verification of their smart card.

When a smart card reader is connected to your Manager client and a user swipes a smart card, the card reader checks whether the digital certificate and the user information are trusted and valid. If the user information is trusted, the client browser retrieves the certificate from the CAC with the help of the CAC software and sends it to the Manager. The Manager receives the certificate and verifies that it was issued by a trusted Certificate Authority (CA). If the certificate is from a trusted CA, a secure session is established and the user is permitted to log on.

At a high level, authenticating user access to the Manager through CAC is a 4-step process:

1. Verify the CAC certificate format
2. Set up user accounts
3. Enable CAC authentication
4. Log on to the Manager using CAC

Verifying the CAC certificate format

.pem is the universal standard to read digital certificate files. If your CA certificate uses another format such as .cer, you need to convert it to .pem format. To convert a .cer certificate to .pem format:

1. Open the command prompt, locate the OpenSSL/bin folder, and execute the following command:

   openssl x509 -in <XXX.cer> -inform DER -out <YYY.pem> -outform PEM

All the PEM-encoded certificates can be combined into one master CA file, and the SSLCACertificateFile must contain a list of Root CAs and intermediary CAs that are trusted by the Manager.

Setting up CAC users in the Manager

1. Connect the smart card reader to your Manager client through a USB port.
   The smart card reader can be connected to a Manager server, if the server doubles up as a Manager client.
   a. Refer to the card reader manufacturer's recommendations for the necessary device drivers to be installed.
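
For the certificate format step above, this added example (not part of the McAfee manual) converts each exported CA certificate to PEM, combines them into one master CA file, and lists what that file would make trusted. It assumes a POSIX shell with the openssl command on PATH; the script name and file names in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not from the McAfee manual): build one master CA file from
# exported CA certificates. Assumes the openssl CLI is on PATH.

# to_pem FILE: print FILE as a PEM certificate on stdout. A .cer export can be
# binary DER or already Base64 (PEM); "-inform DER" can reject the latter, so
# PEM is tried first. Only the first certificate in FILE is read.
to_pem() {
    openssl x509 -in "$1" -inform PEM -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# build_ca_bundle OUT FILE...: re-encode every input and concatenate the
# results into OUT. Re-encoding through "openssl x509" keeps only the
# certificate, so a private key stored in the same input file never reaches
# the bundle. OUT is written only if every input parsed as a certificate.
build_ca_bundle() {
    out=$1; shift
    tmp=$(mktemp) || return 1
    for f in "$@"; do
        if ! to_pem "$f" >> "$tmp"; then
            echo "refusing to build $out: $f is not an X.509 certificate" >&2
            rm -f "$tmp"
            return 1
        fi
    done
    cat "$tmp" > "$out" && rm -f "$tmp"
}

# count_certs BUNDLE: number of certificates in the bundle.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# list_bundle BUNDLE: subject and issuer of every certificate the bundle
# would make trusted, for review before the file is deployed.
list_bundle() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Usage: sh make_ca_bundle.sh master-ca.pem root.cer intermediate.cer
if [ "$#" -ge 2 ]; then
    build_ca_bundle "$@" && list_bundle "$1"
fi
```

Review the list_bundle output against the Root and intermediary CAs you intend to trust before pointing SSLCACertificateFile at the result.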
