Creating, Importing and Assigning a CA Certificate Bundle
Within this article, I will be using a personal and relative use case to my own customers. While many organizations may only have one or two Root CA's to identify, the US Department of Defense has nu...
Published Jul 30, 2018
Version 1.0
Good question. In a scenario where you configure request versus require, you are potentially allowing a secondary authentication method if the client does not present a client certificate. In the event a client certificate is presented even if it is set to request, the SSL Client profile will validate the certificate was issued by a CA in that bundle. If it was not, it will either deny access or you can configure the VPE to allow another authentication method. If I get around to it, I will provide a VPE screenshot that has this scenario.
If this is an Access Policy that is ONLY configured for non-certificate-based authentication (AD, LDAP, Forms, etc.), this setting is not required.