Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Client Certificate Authentication for HTML UI

Add Client Certificate to Administrator accounts

You can let administrator accounts be managed on external authentication servers and map externally stored user groups and individual users to roles on an appliance.

  1. Select Accounts > Administrator Accounts.
  2. Click Administrator accounts are managed in an external directory server.
  3. Use the settings under Authentication group = role mapping, to map user groups and individual users stored on the external server to roles on the appliance:
    1. Click Add.
      The Add Group/User Role Name Mapping window opens.
    2. Select the checkbox Match user name from authentication server
    3. Enter Username.  

      Do not select Match group from authentication server checkbox. 

    4. Under Role to map to, select a role.
    5. Click OK.

Under Authentication Server Details, configure settings for the external server.
These settings determine the way the Authentication module on the appliance retrieves information from that server.

  1. Under the Authentication method setting, select SSL Client Certificate from the dropdown menu.
  2. In Client Certificate Specific Parameters, adjust the below settings
    1. Enter Username 
    2. Un-tick the checkbox Check extended key usage.
    3. Click Add under Cerfiicate Authorities​.
      • Click Import to import a client certificate.
    4. Click Ok.
    5. Click Save Changes.

You can use the Edit and Delete options in similar ways to edit and delete mappings.


Enable client certificate authentication 

  1. Select Configuration > Appliances.
  2. On the appliances tree, select User Interface.
  3. Under HTTPS Client Certificate Connector, select Enable client certificate authentication checkbox.
  4. Adjust the port details if necessary.


  1. Import the client certificate into the browser and open https client certificate connector URL.
  2. After successful client certificate authentication, you will get a success page showing the buttons Cancel, Load Applet, and Load HTML UI. 


  • Was this article helpful?