Admin Console Help

Search > Secure Search > Universal Login Auth Mechanisms > Client Certificate

Use the Search > Secure Search > Universal Login Auth Mechanisms > Client Certificate page to configure a credential group rule for client certificate user authentication.

Before Starting this Task

Before adding a rule for client certificate user authentication, set up a credential group by using the Search > Secure Search > Universal Login page. Also, complete the tasks shown in the following table.

Task: Obtain an SSL certificate.
Description: The search appliance must have a digital certificate that permits serving over HTTPS. Obtain a certificate from a certificate authority by using the Administration > SSL Settings page.

Task: Check the setting for Force secure connections when serving?
Description: Check this setting on the Administration > SSL Settings page. If No is selected, you must change it to one of the following options:

Task: Upload the search appliance's Certificate Authority (CA) certificate.
Description: Upload the search appliance's CA certificate and its Certificate Revocation List (CRL) files by using the Administration > Certificate Authorities page.

Task: If the client's CA certificate is different from the search appliance's CA certificate, upload the client's CA certificate.
Description: Upload the client's CA certificate and its CRL files by using the Administration > Certificate Authorities page.

Adding a Credential Group Rule for a Client Certificate

When the Google Search Appliance is configured with a credential group that includes a client certificate, the search appliance uses the client certificate for user authentication for confidential documents.

When you add a credential group, you must enter a Mechanism Name. The Mechanism Name that you enter will appear in the Authentication ID pull-down menu on the Search > Secure Search > Flexible Authorization page. The Mechanism Name enables you to instruct the authorization mechanism to use a session identity from a specific credential group or instance of an authentication mechanism.

A mechanism name must not be the same as another mechanism name or credential group name. Mechanism names are case-insensitive and can be up to 200 characters long, and can contain only alphanumeric characters, underscores, and hyphens. A name cannot begin with a hyphen.
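
The naming rules above can be checked before a name is typed into the Admin Console. The following is an added example, not code from the search appliance or its documentation; the function name, the sample inventory, the ASCII-only reading of "alphanumeric", and the rejection of empty names are assumptions.

```python
import re

# Rules from the paragraph above. Reading "alphanumeric" as ASCII letters and
# digits only is an assumption; the page does not say how other scripts are treated.
MAX_LEN = 200
ALLOWED = re.compile(r"[A-Za-z0-9_-]+")


def mechanism_name_problems(name, mechanism_names=(), credential_groups=()):
    """Return the rule violations for a proposed Mechanism Name (empty list = OK)."""
    if not name:
        # Assumption: an empty name is invalid (the page does not state this).
        return ["name is empty"]
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters ({len(name)})")
    if not ALLOWED.fullmatch(name):
        bad = sorted({c for c in name if not ALLOWED.fullmatch(c)})
        # ascii() makes spaces and look-alike characters visible in the report.
        problems.append("disallowed characters: " + " ".join(ascii(c) for c in bad))
    if name.startswith("-"):
        problems.append("begins with a hyphen")
    # Names are case-insensitive, so compare case-folded forms against both
    # existing mechanism names and existing credential group names.
    key = name.casefold()
    for kind, existing in (("mechanism", mechanism_names),
                           ("credential group", credential_groups)):
        for other in existing:
            if other.casefold() == key:
                problems.append(f"collides with {kind} name {other!a}")
    return problems


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real appliance.
    mechanisms = ["corp-ldap", "SAML_IdP"]
    groups = ["Default", "Partners"]
    candidates = ["client-cert_1", "saml_idp", "default", "-certs",
                  "client cert", "c" * 201, "zertifik\u00e4t"]
    for candidate in candidates:
        issues = mechanism_name_problems(candidate, mechanisms, groups)
        label = candidate if len(candidate) <= 20 else candidate[:17] + "..."
        print(f"{label!a}: {'OK' if not issues else '; '.join(issues)}")
```
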

To add a credential group rule for client certificate user authentication to a credential group:

  1. Click Search > Secure Search > Universal Login Auth Mechanisms > Client Certificate.
  2. Select a credential group from the pull-down menu.
  3. Click Enable client certificate authentication support.
  4. In the Mechanism Name box, type a unique name for the authentication mechanism.
  5. Click Save.

To delete a rule:

  1. Click Search > Secure Search > Universal Login Auth Mechanisms > Client Certificate.
  2. Unselect Enable client certificate authentication support.
  3. Click Save.

For More Information

For more information about uploading client certificates, click Admin Console Help > Administration > Certificate Authorities.

For more information about Universal Login and credential groups, see "Managing Search for Controlled-Access Content," which is linked to the Google Search Appliance help center.


 
© Google Inc.