Website authentication using client-side certificates

You can specify client certificates by configuring key-value pairs in a [email protected] setting in the Admin Portal. Two key-value pairs are needed to use this feature:

one key-value pair for the imported certificate

one key-value pair for the URL of the website to which you want to present the certificate in response to a challenge

Support of client-side certificates allows users to access internal websites that require certificate-based authentication. The certificate is pushed from Core to the device and stored in [email protected] memory.


[email protected] supports one certificate per host.

Client-side certificates are supported for non-tunneled websites only.

Configuring website authentication using client-side certificates

To configure website authentication using client-side certificates:

1. Sign in to the Core Admin Portal.
2. Go to Policies & Configs > Configurations.
3. Select the [email protected] setting that applies to the devices of interest.
4. Click Edit.
5. Under Custom Configurations, click Add.
6. Add the following keys and values:



Value Description


Where <number> is any positive integer.

The name of the Certificate Enrollment that corresponds to the certificate you want to use.


Where <number> is the same number you entered for IdCertificate_<number>.

The URL for the website to which the certificate will be presented. Wildcards are permitted.

Examples:, *

7. Click Save.
8. Apply this [email protected] configuration to labels that identify the devices that should receive this configuration.