Home
SafeLinx Administrator
The SafeLinx Administrator is a Java application that lets administrators configure, monitor, and maintain the resources of one or more SafeLinx Servers.
Configuring for security
SafeLinx includes options for configuring security.
Using Certificate-based authentication profiles
You can control how clients are authenticated using third-party configuration properties in certificate-based authentication profiles.

SafeLinx Administrator
The SafeLinx Administrator is a Java application that lets administrators configure, monitor, and maintain the resources of one or more SafeLinx Servers.
- Controlling resources and organizational units
  SafeLinx gives you control over all resources and organizational units.
- Customizing network configuration
  SafeLinx lets you customize your network configuration.
- Configuring for security
  SafeLinx includes options for configuring security.
  - Configuring TLS certificates
    You can configure different components of the SafeLinx Server to use Transport Layer Security (TLS) to secure their communications.
  - Using Certificate-based authentication profiles
    You can control how clients are authenticated using third-party configuration properties in certificate-based authentication profiles.
  - Using LDAP-bind authentication profiles
    You can control how clients are authenticated using third-party configuration properties in LDAP-bind authentication profiles.
  - Using RADIUS authentication profiles
    You can control how clients are authenticated using third-party configuration properties in RADIUS authentication profiles.
  - Using device identification with SafeLinx Clients
    Some devices have serial numbers that are associated with their hardware, which can be used for identification. Users who connect through the SafeLinx Client that is configured for Password key exchange can have an extra level of security by taking advantage of these device identifiers.
  - Configuring users to be authenticated using only RADIUS
    You can configure the SafeLinx Client to be authenticated using RADIUS.
  - Configuring users to be authenticated using only LDAP-bind
    You can configure the SafeLinx Client to be authenticated using LDAP-bind.
  - Configuring users to be authenticated using certificate-based authentication
    You can configure a SafeLinx Server to connect by using certificate-based authentication.
  - Limiting the client logon to a specific class of devices
    You can limit the SafeLinx Clients that are permitted to log on to the SafeLinx Server by device class. This capability is a security feature of the connection profile that is assigned to the mobile network connection (MNC) to which the client logs in. How devices are identified depends on the operating system of the SafeLinx Client.
  - Configuring a restricted session for Windows integrated logon
    When you configure the SafeLinx Client to use the Windows integrated logon, you can choose to offer these clients access to a restricted session.
- Managing administrators
  SafeLinx provides the tools to manage administrators.
- Managing users
  SafeLinx provides the tools to manage users.
- Troubleshooting problems
  SafeLinx helps you troubleshoot problems.
- What is...
  SafeLinx Administrator Help identifies and clarifies necessary topics.

Using Certificate-based authentication profiles

You can control how clients are authenticated using third-party configuration properties in certificate-based authentication profiles.

About this task

To configure a SafeLinx Server to connect using certificate-based, or a combination of methods, create an authentication profile or profiles, then assign them to a connection profile or HTTP access service.

Procedure

Click the Resources tab.
Right-click the OU in which you want to create an authentication profile.
Create an authentication profile. Select Add Resource > Authentication profile > Certificate-based.
Specify a descriptive name of the profile.
Determine how you want to verify the client certificate authenticity. Check any of all of the following:
- Verify validity period, to check that the date is within a valid range
- Verify the trust relationship with the user through the Certificate Authority (CA) certificates stores in a key database. Additionally, verify that the CA has not revoked certifications as listed in certificate revocation lists (CRLs).
- Verify portions of the certificate subject key against portions of the user record as stored in the SafeLinx Server directory server service (DSS). You form a rule in which you specify which attributes should be attempted for a match.
Note:
1. Only connection profiles can use certificate-based authentication profiles.
2. Only SafeLinx Clients using Windows, Windows CE, or the Linux operating system can use certificate-based authentication.
Assign the authentication profile to the resource that uses it.
Edit the properties of a connection profile. Click the Security tab, then select the Secondary authentication profile desired.
When all verifications that are configured pass, the SafeLinx Server finalizes the SafeLinx Client login.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.