Enabling two-way client (user/browser) side certificates

Two Way SSL is a feature that requires all users to authenticate to the active Soltra Edge browser session using a certificate imported into their browser. This chain of custody prevents brute force intrusion of any one user’s credentials due to the certificate requirement.

Generating (or loading) CA certificate

  • click on Admin, SSL, and then Two-way

    Edge two-way Tab
  • You will be asked to generate a CA, similar to when you enabled SSL. Populate all the required fields for your organization. Once done, click the green Generate button at the bottom left.

    CAUTION: Do not toggle Enabled yet! Doing so will lock you out of your browsing session. If you attempt this, you will presented a warning.

    Edge two-way Tab
    • Once the CA is generated, the view is returned to the User Certificates screen

      Edge two-way Tab
  • At this point you must create and download a certificate for at least the Admin user and import the certificate into your active browsing session. Failure to do so will lock the Admin account out of Avalanche Complete the Certificate Request for the Admin account by filling in the requested information and clicking the Create Key button.

  • we now has an SSL certificate. Click View to download it

  • The click Get Zip to download the certificate. You will need this to import into your browser. It is highly recommended you backup this Zipped Certificate file in a safe location

  • Importing your certificate is a process in itself. Since you will need a guide to email to your Soltra Edge users, here is a guide you can send out. Follow this**`guide <howto_two-way_import.rst>`__ **now to import your certificate into your browser before you continue in this guide. Failure to follow this step will cause a lockout of the Soltra Edge instance.

    Guide to importing your Two-Way certificate into your browser

  • Now that your certificate is in place, toggle the switch to Enabled, and Submit to update the configuration files, and then click Restart HTTPD to apply the new changes

  • Two way SSL is now fully enabled