Log on to the SMC using certificate-based authentication

You can log on to the SMC using an X.509 certificate stored in the Windows certificate store or on a smart card, such as a Common Access Card (CAC).

Before you begin

To use smart cards for authentication, you must have smart card reader hardware and software.

To use certificate files for authentication, you must save the certificates in the Windows certificate store.

You must export the TLS Credentials element that is used by the Management Server, import the certificate on each administrator's computer, and configure the operating system to trust the certificate.

Note: Certificate-based authentication is only supported for Management Clients installed in Windows 10.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. If you have a smart card, insert the smart card into the smart card reader.
  2. Select Use Client Certificate Authentication.
  3. Select the Management Server in one of the following ways.
    • Select an existing Management Server IP address or DNS name.
    • Click Add Server, then enter the IP address or DNS name of the Management Server.
  4. (First logon only) To accept the certificate chain for the Management Server, click Accept.
  5. If there is more than one certificate on the smart card or in the Windows certificate store, select the certificate to use for authentication, then click Select.
  6. (Smart card only) In the PIN field, enter then PIN for the smart card, then click Login

Result

After you log on to the Management Client, the Management Client shows the date and time when you last logged on to the Management Client, and the IP address from which you last logged on. If your administrator permissions have been changed since the last time you logged on, you are notified that your permissions have been changed.

Select Management Server Screen of the Logon dialog box

On this screen you select the Management Server you want to log on to, remove Management Servers from the list or add Management Servers to the list of available servers.

Option Definition
Select a Management Server Select a server from the list.
Add Server Opens a text box where you can enter the IP address of the Management Server you want to use.
Remove Server Removes the selected Management Server from the list.
Use Client Certificate Authentication When selected, allows you to log on to the Management Client using certificate-based authentication, such as a Common Access Card (CAC).