This discussion has been locked.

Client SSL Certificates/Mutual SSL Authentication Possible?

Hello,

I'm new to Sophos UTM, and I'm currently setting it up for a client in Amazon's AWS environment.  I have the firewall, NAT, IPS, and Proxy server all working correctly.  However, they host a web server that requires client-side SSL certificates (aka mutual SSL authentication) and I'd like to be able to take advantage of the UTM's web server protection functions.  Is there a way to configure Sophos UTM's web server protection to pass the client-side certificate?  It currently does not work, but at least responds back with the forbidden page when you don't pass a client certificate correctly, which is expected when a client does not pass a cert.  Thanks for your help!

Brad


  • Drew, wouldn't the problem with the government servers be solved by getting a CA for the UTM signed by VeriSign, for example?

    I see that the reverse proxy would negate the additional security they seem to require.  Perhaps a simple DNAT is called for.  Is the security offered by the client cert stronger than that offered by the reverse proxy?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA