Stormshield SN series Configuration Manual page 47

- LDAP
- SSL Certificate (SSL)
- RADIUS
- Kerberos
- Transparent authentication (SPNEGO)
- SSO Agent
- Guest method
- Sponsorship method
When temporary account management is enabled on the firewall, the Temporary accounts
method will automatically appear in the column of authentication methods.
LDAP
Go to the menu Users\Directory configuration to access the configuration. The configuration of
this method is automatic and requires the implementation of an LDAP database.
SSL Certificate (SSL)
After having selected your authentication method from the left column, you may enter information
about it in the right column, which sets out the following elements:
List of trusted certificate authorities (CA)
The SSL authentication method accepts the use of certificates that have been signed by a
certification authority outside the Firewall. This certification authority has to be added in the
configuration of the Firewall so that it accepts all certificates that have been signed by this
authority.
If the certification authority itself is signed by another certification authority, it can then be added
to the list of trusted CAs in order to create a "Trusted CA chain".
If a trusted CA or trusted CA chain is specified in the configuration of SSL authentication, it will be
added to the Firewall's internal CA, which is implicitly checked as soon as there is a valid internal
root authority on the Firewall.
Add
Adding a certification authority to a list of trusted certification authorities allows the
recognition of this authority and the validation of all certificates signed by this
certification authority.
By clicking on Add, then on the icon that appears on the selected line, you will
access the CA window (Cf. Certificates and PKI).
If the certificate authority you wish to trust is not in the list of external certificates,
click on Select in the external certificate window to add this certificate authority to the
list.
Firewalls support multi-level root authorities – the certificate of the user to be
authenticated is signed by a certificate authority, which is itself signed by a higher
authority. You can insert the whole certification chain created by this multi-level root
authority.
In order for the chain to be correctly applied, it is important that you insert every link
in the whole chain of authorities, from the highest authority you have inserted to
the authority just above the user certificate.
Delete
Deletes the selected certificate authority.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
AUTHENTICATION
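
The requirement to insert every link of a trusted CA chain can be reproduced outside the firewall with the OpenSSL command line. This is an added example, not taken from the Stormshield manual: it builds a constructed three-level PKI (root, issuing CA and user certificate, all names hypothetical) and shows generic X.509 path validation, not the firewall's internal implementation.

```bash
# Added example: constructed PKI, all subjects and file names are hypothetical.
make_cert() {  # $1=dir $2=name $3=CN $4=extension section $5=issuer name ("" = self-signed)
  local d="$1" n="$2"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  if [ -z "$5" ]; then   # root: signs its own request
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 30 \
      -extfile "$d/ext.cnf" -extensions "$4" -out "$d/$n.pem" 2>/dev/null
  else                   # signed by the CA one level above
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$5.pem" -CAkey "$d/$5.key" \
      -CAcreateserial -days 30 -extfile "$d/ext.cnf" -extensions "$4" \
      -out "$d/$n.pem" 2>/dev/null
  fi
}

build_pki() {  # $1 = empty working directory
  printf '%s\n' '[ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' \
    '[usr]' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=clientAuth' > "$1/ext.cnf"
  make_cert "$1" root "Example Root CA" ca "" &&
  make_cert "$1" sub "Example Issuing CA" ca root &&
  make_cert "$1" user "alice" usr sub
}

# Prints "valid" or "invalid" for user certificate $1, trusting only the CA
# certificates passed as the remaining arguments.
check_user_cert() {
  local cert="$1" bundle result=invalid
  shift
  bundle="$(mktemp)"
  cat "$@" > "$bundle"
  openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1 && result=valid
  rm -f "$bundle"
  echo "$result"
}

demo() {
  local d
  d="$(mktemp -d)"
  build_pki "$d" || { echo "openssl failed" >&2; rm -rf "$d"; return 1; }
  echo "trusted list = root only:         $(check_user_cert "$d/user.pem" "$d/root.pem")"
  echo "trusted list = root + issuing CA: $(check_user_cert "$d/user.pem" "$d/root.pem" "$d/sub.pem")"
  rm -rf "$d"
}
demo
```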
