Forum Discussion

gd-29's avatar
gd-29
Brass Contributor
Aug 12, 2019

Valid Client Certificate Setup

How do you get valid client certificate to work?  What i have so far.  1. CA with Intermediate, User Certificate Template cloned for this purpose 2. Issued a cert to my domain desktop and IOS devi...
Cloud App Security
rajatm's avatar
rajatm
Former Employee
Apr 21, 2020
yes. cert based identification works for both session and access policies. the difference is that session policies can only control activities in web-apps/browser sessions while access policies can control overall allow/block for web-apps AND native/desktop apps.
i have both session and access policies using the same certs and working as expected.
if you only need to block access to devices without certs, an access policy is the right way to go.
ataviste's avatar
ataviste
Copper Contributor
Apr 21, 2020

Hirajatm ,

 

Should my session policy have worked as well then? I guess something else was not quite right with it.

 

Thanks,

Antony

  • rajatm's avatar
    rajatm
    Former Employee
    Apr 21, 2020

    ataviste depends on what you had configured in it. for example, this config for a session policy will block selected activities in the 3rd filter when a user logs on to EXO OWA and the device does not have a valid cert. it will not block overall access.