Skyhigh Security

Rule Sets for Client Certificate Authentication

Rule sets for implementing the Client Certificate authentication method are available in the rule set library.

Authentication Server (for X509 Authentication) rule set

The Authentication Server (for X509 Authentication) rule set uses several nested rule sets to handle the use of the authentication server under the Client Certificate authentication method.

  • SSL Endpoint Termination — Prepares the handling of requests in SSL-secured communication
    • Accept Incoming HTTPS Connections — Provides the certificates that can be submitted for the authentication server
    • Content Inspection — Enables inspection of the content that is transmitted with a request
  • Authentication Server Requests — Redirects requests back to the proxy on the appliance for further processing after authentication on the authentication server has been completed successfully

    Requests are also redirected if a cookie has been set for a client that a request was sent from.

    If authentication could not be completed successfully on the authentication server, the user is asked to submit credentials for authentication on the user database.
     
  • Block All Others — Blocks requests for which authentication was not completed successfully

Cookie Authentication (for X509 Authentication) rule set

The Cookie Authentication (for X509 Authentication) rule set uses several nested rule sets to initiate use of the Client Certificate authentication method and handle the setting of cookies.

  • Cookie Authentication at HTTP(S) Proxy — Contains nested rule sets that handle Client Certificate authentication with cookies
    • Set Cookie for Authenticated Clients — Sets a cookie after authentication has been successfully completed once for a client and redirects the request that the client sent back to the proxy on the appliance for further processing
    • Authenticate Clients with Authentication Server — Redirects requests sent from clients for which no cookie has been set to the authentication server