John Shinoz Posted July 30, 2017 Share Posted July 30, 2017 Hi, I have a need to apply a different NetScaler Gateway Session Policy to company issued laptops, which shall be identified by checking for Internal CA issued machine certificate. So far I can only check for this kind of certificate (not User Certificate) by enabling the "Check Device Certificate" attribute of the Access Gateway virtual server. The problem with that is for device fails to present such certificate, it will be denied access altogether. Is it possible to enable Device Certificate checking using a Post Authentication policy similar to other SmartAccess conditions are checked e.g. Antivirus, Registry key etc? Any suggestions are much appreciated. Thanks very much in advance, John Link to comment Share on other sites More sharing options...
Jonathan Clark1709155079 Posted December 5, 2017 Share Posted December 5, 2017 See here: https://docs.citrix.com/en-us/netscaler-gateway/12/install/certificate-management/using-device-certificates.html. They can be used in EPA with Pre-Checks here: https://support.citrix.com/article/CTX200290. If you want users who "Fail" device certificate checks to proceed with a secondary factor of authentication, check out nFactor with certificates. A blog post about it is here: http://www.jgspiers.com/nfactor-authentication-with-netscaler-gateway/ Link to comment Share on other sites More sharing options...
Manuel Kolloff Posted October 12, 2018 Share Posted October 12, 2018 On 5.12.2017 at 4:50 PM, Jonathan Clark1709155079 said: If you want users who "Fail" device certificate checks to proceed with a secondary factor of authentication, check out nFactor with certificates That's not quite right, nFactor can (currently) only realize such a scenario with user-certificates! Source: https://support.citrix.com/article/CTX231256 Link to comment Share on other sites More sharing options...
Pape Pape Posted November 10, 2020 Share Posted November 10, 2020 I have exactly the same problem. Anyone got a suggestion? This is quiet a common issue , please suggest me if you find any solution for it . MyGreatLakes Link to comment Share on other sites More sharing options...
Abbybury Virgo Posted October 3, 2022 Share Posted October 3, 2022 Hi, I have a need to apply a different NetScaler Gateway Session Policy to company issued laptops, which shall be identified by checking for Internal CA issued machine certificate. So far I can only check for this kind of certificate (not User Certificate) by enabling the "Check Device Certificate" attribute of the Access Gateway virtual server. The problem with that is for device fails to present such certificate, it will be denied access altogether. Is it possible...?? Getting from this : https://support.citrix.com/article/CTX231256 Charter Panorama Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now