HTTP authentication

Add server-level authentication and client-side certificates, if required by the application.

Use this view to configure platform authentication information and a client-side certificate, if required. AppScan supports multiple certificates from the user's personal store, or a single certificate (per scan) in PKCS#12 (PFX) format.
Tip: PEM certificates are not supported, but you can convert them to PFX (see Convert a PEM Certificate to PFX/P12 format).
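
One way to do the conversion the tip mentions, using the OpenSSL command line (an added example, not taken from the AppScan documentation). The function name `pem_to_pfx`, the file names and the `PFX_PASS` variable are assumptions of this example, as is an unencrypted PEM private key.

```shell
#!/bin/sh
# Added example: bundle a PEM certificate and its private key into a
# PFX/P12 file with OpenSSL. Names used here are illustrative assumptions.
#
# Usage: export PFX_PASS='...'; pem_to_pfx cert.pem key.pem client.pfx
#
# The export password is read from the exported PFX_PASS environment
# variable, so it never appears on the command line or in the process list.
pem_to_pfx() {
    cert=$1; key=$2; out=$3
    [ -n "${PFX_PASS:-}" ] || { echo "PFX_PASS is not set" >&2; return 2; }

    # Extract the public key from each file. Capturing the output directly
    # (no pipe) means a parse failure in either file is detected here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout) || return 3

    # Refuse to bundle a key that does not belong to the certificate; a
    # mismatched pair would only fail later, during the TLS handshake.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 4
    fi

    # The PFX contains the private key: create it readable by the owner only.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" \
          -out "$out" -passout env:PFX_PASS ) || return 5

    # Confirm the file opens with the same password before it is selected
    # as the PFX/P12 client-side certificate.
    openssl pkcs12 -in "$out" -passin env:PFX_PASS -noout || return 6
}
```

The password supplied in `PFX_PASS` is the one to type into the Password field when the resulting file is selected under PFX/P12.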

Setting

Details

HTTP Authentication

If your site requires Basic, Digest, NTLM, Negotiate, or Kerberos HTTP authentication, enter the Username, Password and, if necessary, the Domain (optional) for AppScan to use during scanning.

Client-Side Certificate

If your site server uses client-side certificates to verify user identity, AppScan will need them for scanning.
Don't use certificate (Default)
PFX/P12
Use a single PFX or P12 certificate. Click the plus icon to select Certificate File, and type in the Password.
Installed certificates (including smart card)
Use certificates installed on this machine.
  • If you know which certificate is needed, or if you are using a smart card, it is preferable to add it manually:
    1. Leave the Identify required certificates automatically check box unselected.
    2. Click Add.
    3. Select certificate (or certificates) from the Windows Personal Certificates Store (for the current user).
    4. Click Add.

      The certificates are added to the table.

    5. If the certificate requires a PIN, double-click in the column and type it in.
  • If you are not sure which certificates are needed:
    1. Select the Identify required certificates automatically check box.
    2. If a PIN is required and you know it, type it into the PIN field; otherwise you will be prompted to enter it when you start the scan.
      Tip: Smart cards that require a PIN may get locked out. If possible, add the certificate manually.
Note: For most smart card certificates the card must be available in the reader during scanning.

Connection Status

Shows the status of the connection with the Starting URL configured in Starting URL and domains.