Client Certificate Authentication

This topic applies to both Software Logger and the Logger Appliance.

This authentication method requires that users authenticate using a client certificate. For each client certificate, a user account with a Distinguished Name (DN) matching the one in the client certificate must exist on your system.

Caution: All SSL client certificates used for authentication must be FIPS-compliant (hashed with FIPS-compliant algorithms) even if FIPS is not enabled on your system.

To configure client certificate authentication:

Click System Admin from the top-level menu bar.
Click Authentication in the Users/Groups section.
Choose the External Authentication tab.
From the menu, choose Client Certificate.
Allow Local Password Fallback provides two options:

Allow Local Password Fallback for Default Admin Only

Select this option to allow the default admin user to log in using only a username and password if the client certificate is not available or invalid. This privilege is restricted to the default admin user only—other users must have a valid client certificate to gain access to the system. This option is enabled by default.
Allow Local Password Fallback for All Users

Select this option to allow all users to log in using their local user name and password if their client certificate is invalid or unavailable.

For more information, see Local Password Fallback.

Click Save.