SSL Client Authentication
Your system supports client authentication using SSL certificates. SSL client authentication is a form of two-factor authentication that can be used as an alternative to, or in addition to, local password authentication.
Note: CAC is a form of client certificate authentication. Information on client certificate authentication applies to CAC.
Uploading Trusted Certificates
A trusted certificate is used to authenticate users that log in to your system. Uploading a trusted certificate is required if you are using LDAPS authentication. The trusted certificate is used to authenticate the remote LDAPS server. The certificate needs to be in Privacy Enhanced Mail (PEM) format.
To upload a trusted certificate:
- Click Administration > Setup > System Admin.
- Click SSL Client Authentication in the Security section in the left panel.
- On the Trusted Certificates tab, click Browse to find the trusted certificate on your local file system.
- Click Upload.
The trusted certificate is uploaded and listed in the “Certificates in Repository” list on the same page where you uploaded it.
To view details about a trusted certificate, click the link displayed in the Certificate Name column.
To delete a trusted certificate, select the certificate and click Delete.
Uploading a Certificate Revocation List
A certificate revocation list (CRL) is a computer-generated record that identifies certificates that have been revoked or suspended before their expiration dates. To support CAC, you need to upload a CRL file to your ArcSight system. The CRL file needs to be in PEM format.
To upload a CRL file:
- Click Administration > System Admin.
- Click SSL Client Authentication in the Security section in the left panel.
- In the Certificate Revocation List tab, click Browse to find the CRL file on your local file system.
- Click Upload.
The CRL is uploaded and listed in the Certificate Revocation List.
To view details about a CRL, click the link displayed in the Issuer Name column.
To delete a CRL file, select it and click the Delete button.
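Both uploads above require PEM input, and CRLs are often distributed as binary DER. The following pre-upload check is an added example, not part of the product or its documentation; the function names `check_upload` and `der_to_pem` and the sample bytes are constructed for illustration. It checks encoding and PEM type only, not signatures, validity dates or CRL freshness.

```python
import base64, binascii, re

# PEM labels (RFC 7468) expected by the two upload tabs.
LABELS = {"certificate": "CERTIFICATE", "crl": "X509 CRL"}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_is_sequence(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE (tag 0x30) with a consistent length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_upload(data: bytes, kind: str) -> str:
    """Return 'ok', or the reason the file should not be uploaded as `kind`."""
    want = LABELS[kind]
    blocks = PEM_RE.findall(data)
    if not blocks:
        return "DER, convert to PEM" if der_is_sequence(data) else "not PEM or DER"
    for label, body in blocks:
        label = label.decode()
        if label != want:                 # e.g. a CRL on the certificate tab, or a key
            return f"wrong PEM type: {label}"
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:
            return "corrupt base64"
        if not der_is_sequence(der):      # truncated or padded payload
            return "payload is not a DER SEQUENCE"
    return "ok"

def der_to_pem(der: bytes, kind: str) -> bytes:
    """Wrap raw DER in PEM armor with 64-character lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    label = LABELS[kind].encode()
    return (b"-----BEGIN " + label + b"-----\n" + b"\n".join(lines)
            + b"\n-----END " + label + b"-----\n")

# Constructed sample: a 300-byte dummy DER SEQUENCE, not a real certificate or CRL.
SAMPLE_DER = b"\x30\x82\x01\x28" + bytes(0x128)
```

A file that bundles a private key with the certificate is reported as `wrong PEM type: PRIVATE KEY`, which keeps key material out of the trust repository.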
Enabling Client Certificate Authentication
To enable client certificate authentication, see Client Certificate Authentication.