Enforcing Authentication of Client Computers in a Proxy Firewall Setup
In a firewall setup where client computers connect to the CommServe system through a proxy, you can protect your CommCell environment by "locking down" the client that is hosting the proxy function. This forces the authentication of client certificates when installing new clients on your CommServe.
By default, the client software installer uses a certificate that is built into the installer software to authenticate its connections with the CommServe. However, when locked down, the CommServe accepts HTTPS connections only from, and initiates them only to, clients with valid certificates. Because a valid client certificate is required, connections from outside the CommCell group that do not present one are refused.
To "lock down" the proxy-hosting client, perform these steps:
- Enforce Client Certificate Authentication on the Proxy
- Create a Temporary Certificate for Client Installation
To enforce certificate authentication at the CommServe level, and for more information on client certificates, see Network Authentication - Client Certificates.