Creating a Device Trust Client Object
Client Certificates secure and validate the communication between applications hosted on Axis Security servers and your end users. The certificates provide authentication between the agent and server to securely send data using Transport Layer Security (TLS).
Notes
- This type of device trust is fully enforced on access to web applications (HTTP/HTTPS). For other protocols, it is only enforced when connecting to the user portal.
- This type of device trust is only applicable to Agentless access. To configure an Atmos Agent device posture click here.
Click here to learn about client certificates.
To create a device trust client certificate:
- In the Management Console, go to Policy -> Device Trust -> New Device Trust.
- Select Client Certificate as your new device posture method.
The New Device Trust window is displayed.
The New Client Certificate window is displayed.
-
In the Device Trust Name field, enter the name of the client certificate.
-
In the Certificate Authority Public Key section, click Upload CA Public Key and upload your certificate authority’s (CA) public key. To learn more about authentication certificates, click here.
Important: Make sure you upload only the root CA certificate.
The following section shows how to upload your CA's public key for Windows and macOS.
To upload a CA public key in Windows
- Click Upload CA public key.
- The default upload file type is .pem.
To upload a different type, click the file type drop-down menu in the bottom right, and select All Files.
- In the Verify device certificates every option, click the drop-down menu to specify the intervals for requesting credentials in days, hours, or minutes.
Note
To commit your changes go to the top-right menu, click Apply Changes, review your changes, and then select Commit Changes.
To upload a CA public key in macOS
- Click Upload CA public key.
- The default upload file type is .pem. To upload a different type, click Options, and from the Format drop-down menu and select All Files.
- In the Verify device certificates every option, click the drop-down menu to specify the intervals for requesting credentials in days, hours, or minutes.
Note
To commit your changes go to the top-right menu, click Apply Changes, review your changes, and then select Commit Changes.
Updated over 2 years ago