5-7
Cisco Secure Desktop Configuration Guide
OL-8607-02
Chapter 5 Setting Up CSD for Microsoft Windows Clients
Defining Location Criteria
Using the Certificates in Your Store to Specify Certificate Criteria
To specify certificate criteria if you have neither a certificate file nor a signed file, go to the certificates
in your
store
(your computer) to retrieve the data you need, as follows:
Step 1
Open the
Control Panel
.
Step 2
Choose
Internet Options
.
Step 3
Click the
Content
tab.
Step 4
Click
Certificates
.
Step 5
Choose a certificate and click
View
.
The Certificate window opens.
Step 6
Click the
Details
tab.
Step 7
Complete both of the fields in the “Certificate Criteria” area of the Identification for
<Location>
pane
(
Figure 5-2
), as follows:
–
Issued By—
Click
Subject
in the Field column under the Details tab of the Certificate window.
The area below the Field column displays the subordinate fields and values assigned to the
Subject field of the certificate. The subordinate fields include such names as “CN” for common
name, “O” for organization unit name, and “E” for e-mail address. Type the value of one of these
subfields in the
Issued By
field on the Identification for
<Location>
pane to match it against
the Subject field of the certificate.
Note
Specify the value of the subfield. For example, type the value of the “O” field, not the “O” itself.
–
Issued To—
Click
Issuer
in the Field column under the Details tab of the Certificate window.
The area below the Field column displays the subordinate fields and values assigned to the
Issuer field of the certificate. The subordinate fields include such names as “CN” for common
name, “O” for organization unit name, and “E” for e-mail address. Type the value of one of these
subordinate fields in the
Issued To
field on the Identification for
<Location>
pane to match it
against the Issuer field of the certificate.
CSD assigns the location to the client only if it has a certificate that contains
both
of the following, and
only if it matches at least one criterion in each of the completed areas in the Identification for
<Location>
pane:
•
Value in the Subject field that matches the value you specified in the “Issued By” field
•
Value in the Issuer field that matches the value you specified in the “Issued To” field
IP Criteria
Check
Enable identification using IP criteria
in the Identification for
<Location>
pane (
Figure 5-2
)
to use the IP address of the remote client PC as a criterion for assigning a location to the remote client,
then click
Add
to enter one or more IP address ranges.
CSD checks the IP addresses of remote client PCs trying to connect. If a client has an address within the
specified range, CSD assigns the properties of the location to the remote client.