000021583 - How to configure WebSentry for different certificate access

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000021583
Applies To: Thales WebSentry
Keon Certificate Authority web ACLs
Issue: How to configure WebSentry for different certificate access
Client certificate authentication to Web server
Web folder/directory setup and security access wanted as follows:

/protected
(access only to client certificates signed by ca_md5 = 185546716d3a2b41dd343de936bf13c1)

/protected/IT
(access only to client certificates signed by ca_md5 = 185546716d3a2b41dd343de936bf13c1 and OU = IT )

/protected/HR
(access only to client certificates signed by ca_md5 = 185546716d3a2b41dd343de936bf13c1 and OU = HR )
Resolution: Below are the 3 ACLs for the web folder/directory setup and security access described above:


/protected/
  ( ca_md5 = 185546716d3a2b41dd343de936bf13c1 )
read


/protected/IT/
( |
  ( ^ ( ou = IT) )
  ( ^ ( ca_md5 = 185546716d3a2b41dd343de936bf13c1 ) )
)
!none!


/protected/HR/
( |
  ( ^ ( ou = HR) )
  ( ^ ( ca_md5 = 185546716d3a2b41dd343de936bf13c1 ) )
)
!none!
Legacy Article ID: a23826
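
The access decisions these three ACLs are meant to produce, modelled as an added example (this is not RSA or Thales code). It assumes that `|` is OR, `^` is negation, `!none!` denies, the most specific matching path is checked first, and a request that no ACL matches is denied; the certificate dictionaries are constructed sample data.

```python
import re

CA = "185546716d3a2b41dd343de936bf13c1"  # ca_md5 value from the article
# The three ACLs from the article: (path prefix, filter, permission).
ACLS = [
    ("/protected/", f"( ca_md5 = {CA} )", "read"),
    ("/protected/IT/", f"( | ( ^ ( ou = IT) ) ( ^ ( ca_md5 = {CA} ) ) )", "!none!"),
    ("/protected/HR/", f"( | ( ^ ( ou = HR) ) ( ^ ( ca_md5 = {CA} ) ) )", "!none!"),
]

def parse(tokens):
    """Parse one parenthesised filter (consumes tokens) into a nested list."""
    assert tokens.pop(0) == "("
    if tokens[0] == "|":            # assumed: OR over the sub-filters
        tokens.pop(0)
        node = ["or"]
        while tokens[0] == "(":
            node.append(parse(tokens))
    elif tokens[0] == "^":          # assumed: negation of one sub-filter
        tokens.pop(0)
        node = ["not", parse(tokens)]
    else:                           # attribute = value
        attr, _, value = tokens.pop(0), tokens.pop(0), tokens.pop(0)
        node = ["eq", attr, value]
    assert tokens.pop(0) == ")"
    return node

def matches(node, cert):
    """Evaluate a parsed filter against a dict of certificate attributes."""
    if node[0] == "or":
        return any(matches(n, cert) for n in node[1:])
    if node[0] == "not":
        return not matches(node[1], cert)
    return cert.get(node[1]) == node[2]  # a missing attribute never equals the value

def decide(path, cert):
    """Assumed model: longest matching prefix first; first matching filter decides."""
    for prefix, filt, perm in sorted(ACLS, key=lambda a: -len(a[0])):
        tokens = re.findall(r"[()|^=]|[^\s()|^=]+", filt)
        if path.startswith(prefix) and matches(parse(tokens), cert):
            return perm == "read"
    return False  # assumed default: no matching ACL means no access

# Constructed sample certificates (attribute dicts, not real certificates).
IT_CERT = {"ca_md5": CA, "ou": "IT"}
HR_CERT = {"ca_md5": CA, "ou": "HR"}
OTHER_CA_CERT = {"ca_md5": "0" * 32, "ou": "IT"}
NO_OU_CERT = {"ca_md5": CA}
```

Under this model the two `!none!` rules are the De Morgan form of "OU matches and the CA matches": a certificate is denied as soon as either condition fails, and otherwise falls through to the `read` rule on /protected/.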