Serving > Universal Login Auth Mechanisms > Client Certificate

Use the Serving > Universal Login Auth Mechanisms > Client Certificate page to configure a credential group rule for client certificate user authentication.

Before Starting this Task

Before adding a rule for client certificate user authentication, set up a credential group by using the Serving > Universal Login page. Also, complete the tasks shown in the following table.

Task: Obtain an SSL certificate.
Description: The search appliance must have a digital certificate that permits serving over HTTPS. Obtain a certificate from a certificate authority by using the Administration > SSL Settings page.

Task: Check the setting for Force secure connections when serving?
Description: Check this setting on the Administration > SSL Settings page. If No is selected, you must change it to one of the following options:

Task: Upload the search appliance's Certificate Authority (CA) certificate.
Description: Upload the search appliance's CA certificate and its Certificate Revocation List (CRL) files by using the Administration > Certificate Authorities page.

Task: If the client's CA certificate is different from the search appliance's CA certificate, upload the client's CA certificate.
Description: Upload the client's CA certificate and its CRL files by using the Administration > Certificate Authorities page.

Adding a Credential Group Rule for a Client Certificate

When the Google Search Appliance is configured with a credential group that includes a client certificate, the search appliance uses the client certificate for user authentication for confidential documents.

When you add a credential group, you must enter a Mechanism Name. The Mechanism Name that you enter will appear in the Authentication ID pull-down menu on the Serving > Flexible Authorization page. The Mechanism Name enables you to instruct the authorization mechanism to use a session identity from a specific credential group or instance of an authentication mechanism.

A mechanism name must not be the same as another mechanism name or credential group name. Mechanism names are case-insensitive and can be up to 200 characters long, and can contain only alphanumeric characters, underscores, and hyphens. A name cannot begin with a hyphen.
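
The naming rules above can be checked before names are typed into the Admin Console, for example when planning several mechanisms at once. The following is an added example, not part of the Google Search Appliance documentation; the function name and sample names are hypothetical, and reading "alphanumeric" as ASCII letters and digits is an assumption.

```python
import re

# Any character outside the set the page allows (ASCII-only is an assumption).
BAD_CHAR = re.compile(r"[^A-Za-z0-9_-]")


def check_mechanism_names(proposed, credential_groups, mechanism_names):
    """Return a list of (name, problems); an empty problems list means the
    name meets every rule stated above. Comparison is case-insensitive and
    covers existing credential groups, existing mechanisms, and names
    accepted earlier in the same batch."""
    taken = {}
    for n in credential_groups:
        taken[n.casefold()] = "credential group " + repr(n)
    for n in mechanism_names:
        taken[n.casefold()] = "mechanism " + repr(n)

    report = []
    for name in proposed:
        problems = []
        if not name:
            problems.append("empty")  # a Mechanism Name must be entered
        elif len(name) > 200:
            problems.append("longer than 200 characters")
        if name.startswith("-"):
            problems.append("begins with a hyphen")
        if BAD_CHAR.search(name):
            problems.append("contains a character other than alphanumerics, '_' or '-'")
        key = name.casefold()
        if key in taken:
            problems.append("collides with " + taken[key])
        if not problems:
            taken[key] = "mechanism " + repr(name) + " (same batch)"
        report.append((name, problems))
    return report


# Constructed sample data; none of these names come from the page.
GROUPS = ["Default", "Partners"]
MECHANISMS = ["corp-ldap"]
PROPOSED = ["client_cert", "Client_Cert", "partners", "-pki", "pki cert", "x" * 201]

if __name__ == "__main__":
    for name, problems in check_mechanism_names(PROPOSED, GROUPS, MECHANISMS):
        print(name[:20], "->", problems or "ok")
```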

To add a credential group rule for client certificate user authentication to a credential group:

  1. Click Serving > Universal Login Auth Mechanisms > Client Certificate.
  2. Select a credential group from the pull-down menu.
  3. Click Enable client certificate authentication support.
  4. In the Mechanism Name box, type a unique name for the authentication mechanism.
  5. Click Save.

To delete a rule:

  1. Click Serving > Universal Login Auth Mechanisms > Client Certificate.
  2. Unselect Enable client certificate authentication support.
  3. Click Save.

For More Information

For more information about uploading client certificates, click Help Center > Administration > Certificate Authorities.

For more information about Universal Login and credential groups, see "Managing Search for Controlled-Access Content," which is linked to the Google Search Appliance help center.


 
© Google Inc.