To configure the Virtual Service(s) to use DoD CAC authentication, follow the steps below:

  1. In the main menu, select Virtual Services > View/Modify Services.
  2. Expand the SSL Properties section.

  3. Select Enabled.
  4. Click OK.
  5. Expand the ESP Options section.

  6. Select Enable ESP.
  7. Select Client Certificate as the Client Authentication mode.
  8. Select the inbound SSO domain which was configured in the Configure the Inbound SSO Domain in the LoadMaster section in the SSO Domain drop-down list.
    Note: To allow the option to authenticate from multiple domains, alternative domains can be assigned at this point.
  9. In the Server Side configuration drop-down list, select the outbound SSO domain which was created in the Configure the Outbound SSO Domain in the LoadMaster section.
  10. Fill out any other details as needed. For more information on the general ESP options, refer to the ESP, Feature Description.
  11. Expand the SSL Properties section.

  12. Enable the Verify Client using OCSP option.
    Note: If Verify Client using OCSP is enabled and the OCSP server settings have not been configured in the OCSP Configuration screen, the client cannot be verified and the connection will fail.
  13. Fill out any other details as needed.
  14. Add any Real Servers as needed.
Note: When using client certificates, you cannot have SubVSs when setting up an Exchange workload.