Documentation

 

 

Introduction

This document provides information on installing a PFX certificate on an Apple Mac or Windows PC desktop using a supported browser type

Apple MacWindows PC
ChromeChrome
FirefoxFirefox
Safari 
Prerequisites

1. SecureAuth IdP appliance with PFX realm instantiated

SecureAuth IdP VersionOS Version
6.x+
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

2. End-user account and Apple Mac / Windows PC desktop that uses a PFX certificate to authenticate to the VPN

PFX Certificate Installation Steps
1. Select the pertinent desktop type

2. Select the browser type

Screenshots included in these steps were made on a SecureAuth IdP Version 9.0.0 configured to use the 2016 Light theme 

Certificate installation pages the end-user sees may differ from these images depending on browser settings, SecureAuth IdP version, and theme configured on the Web Admin

Mac (Later IdP Version) - Chrome Browser Configuration Steps

1. In a Chrome browser, enter the URL for the PFX realm and Submit the username to be associated with the PFX file

2. Select an applicable method to receive a One Time Registration Code and click Submit

3. Input the One Time Registration Code disseminated from the previously selected method and click Submit

4. Input the Password credential for the previously supplied username and click Submit

5. Wait for the PFX file to be created; Chrome automatically saves the file to the Downloads directory

6. Navigate to the download path of the PFX certificate file

7. To install the PFX file, begin by double-clicking the file

When prompted for the privatekey Password, enter the same password supplied in step 4 and click OK

8. Keychain Access now starts, allowing end-user validation, verification and certificate viewing

The steps above let the non-IPSec end-user install the PFX certificate for VPN access and connect to the VPN to be authenticated

IPSec and SSLVPN end-users must complete the remaining two steps below

Steps for IPSec Users and SSLVPN end-users

9. Right-click the PFX certificate and select New Identity Preference

10. Input the VPN URL used for authenticating with the PFX certificate

Select Add and then close Keychain Access

The trailing '/' of the URL string may or may not be required based on the browser cache

With the PFX certificate now installed, the VPN can now be accessed for authentication 

Mac (Later IdP Version) - Firefox Browser Configuration Steps

1. In a Firefox browser, enter the URL for the PFX realm and Submit the username to be associated with the PFX file

2. Select an applicable method to receive a One Time Registration Code and click Submit

3. Input the One Time Registration Code disseminated from the previously selected method and click Submit

4. Input the Password credential for the previously supplied username and click Submit

5. After the PFX file is created, select Save File rather than Open with when prompted by the browser window, then click OK

6. Select Preferences from the Firefox application menu

7. Select the Advanced link and the Certificates sub-tab, and finally click View Certificates to start the Certificate Manager

8. With the Your Certificates tab selected, click Import

9. Input the VPN URL used for authenticating with the selected PFX Certificate and click Add

10. When prompted for the private key Password used to encrypt the certificate, supply the same password used in step 4 and click OK

11. The success Alert indicates the PFX certificate has been successfully imported and installed; click OK

12. Certificate Manager now lets the end-user validate, verify, and view the newly-installed certificate

Click OK to close Certificate Manager

With the PFX certificate now installed, the VPN can now be accessed for authentication

Mac (Later IdP Version) - Safari Browser Configuration Steps

1. In a Safari browser, enter the URL for the PFX realm and Submit the username to be associated with the PFX file

2. Select an applicable method to receive a One Time Registration Code and click Submit

3. Input the One Time Registration Code disseminated from the previously selected method and click Submit

4. Input the Password credential for the previously supplied username and click Submit

5. Wait for the PFX file to be generated; Safari 5.1 and later automatically accepts the download and saves it to the default download directory path: Users/[useraccountname]/Downloads

Navigate to the download directory path of the PFX certificate file

6. To install the PFX file, begin by double-clicking the file

When prompted for the privatekey Password, enter the same password supplied in step 4 and click OK

7. Keychain Access now starts, allowing end-user validation, verification and certificate viewing

 

The steps above let the non-IPSec end-user install the PFX certificate for VPN access and connect to the VPN to be authenticated

IPSec end-users must complete the remaining two steps below

Steps for IPSec Users

8. Right-click the PFX certificate and select New Identity Preference

9. Input the VPN URL used for authenticating with the PFX certificate

Select Add and then close Keychain Access

The trailing '/' of the URL string may or may not be required based on the browser cache

  

 With the PFX certificate now installed, the VPN can now be accessed for authentication

2. Select the browser type

Screenshots included in these steps were made on a SecureAuth IdP Version 9.0.0 configured to use the 2016 Light theme 

Certificate installation pages the end-user sees may differ from these images depending on browser settings, SecureAuth IdP version, and theme configured on the Web Admin

Windows (Later IdP Version) - Chrome Browser Configuration Steps

1. In a Chrome browser, enter the URL for the PFX realm and Submit the username to be associated with the PFX file

2. Select an applicable method to receive a One Time Registration Code and click Submit

3. Input the One Time Registration Code disseminated from the previously selected method and click Submit

4. Input the Password credential for the previously supplied username and click Submit

5. Wait for the PFX file to be created

6. Chrome automatically saves the file to the Downloads directory – by default the file is also accessible via the downloads tab at the bottom of the browser window

Double-click the PFX certificate file to start the Certificate Import Wizard


7. Leave the default Store Location setting and click Next

8. Browse to select the PFX certificate and click Next

9. When prompted for the privatekey Password, enter the same password supplied in step 4 and then click Next

10. Proceed with the default selection Automatically select the certificate store based on the type of certificate and click Next

11. The PFX certificate has now been successfully installed and the Certificate Import Wizard window can be closed by clicking Finish

12. Click OK to dismiss the success pop-up alert – the VPN can now be accessed for authentication

Windows (Later IdP Version) - Firefox Browser Configuration Steps

1. In a Firefox browser, enter the URL for the PFX realm and Submit the username to be associated with the PFX file

2. Select an applicable method to receive a One Time Registration Code and click Submit

3. Input the One Time Registration Code disseminated from the previously selected method and click Submit

4. Input the Password credential for the username previously supplied and click Submit

5. Wait for the PFX file to be created

Select Save File rather than Open with when prompted by the dialog, then click OK

6. Navigate to the download path of the PFX file and double-click it to start the Certificate Import Wizard

7. Leave the default Store Location setting and click Next

8. Browse to select the PFX certificate and click Next

9. When prompted for the private key Password used to encrypt the certificate, supply the same password used in step 4 and click Next

10. Proceed with the default selection Automatically select the certificate store based on the type of certificate and click Next

11. The PFX certificate has now been successfully installed and the Certificate Import Wizard window can be closed by clicking Finish

12. Click OK to dismiss the success pop-up alert – the VPN can now be access for authentication

  • No labels