Using Client Certificate Authentication

This article is for those who started the free trial before September 8, 2019. For details on the start date, see How to Check the Trial Start Date

Use the Create & Download Client Certificates page in Users & System Administration to issue Client Authentication Certificates to users.
To use Client Certificate Authentication, your Kintone domain must be configured to use IP address restrictions. See Configuring IP Address Restrictions and Basic Authentication. Once IP address restrictions are configured, the Client Certificate Authentication is available for ea ch user.
  • To allow the service for one user, on the Edit User page, select Client Certificate Authentication. See Adding and Editing Users.
  • To allow the service for a group of users, select the users on the Services & Users page.
Viewing Authorized Users
To view users who are authorized to use the Client Certificate Authentication service:
  1. Select a department from the Departments list.
  2. Select Unissued, Valid, or Expired from the options at the top.
    • Users in the selected category display in the list, which shows their display name and the expiration date and time of the certificate.
    • If a department or category contains no authorized users, no users show in the list.

Creating New Client Certificates

To create Client Certificates for users:
  1. Select the department to which the target users belong. If the users are not members of any department, select Unassigned Users or All Users.
  2. Select a client certificate status from the following:
    • Unissued: Issues client certificates for the users who have never been issued certificates.
    • Valid: Issues new client certificates for the users who have valid certificates.
    • Expired: Issues new client certificates for the users who do not have valid certificates.
  3. Select the check boxes next to the target users display names.
  4. Change the expiration date of the client certificates if necessary. Once you created a client certificate, you cannot change its expiration date. Note: Internet Explorer and iPhone Safari browsers may still be able to access Kintone for up to 10 minutes after the expiration of their client certificate, due to session cache reasons.
  5. Select whether to disable all prior client certificates of the users.
    • To disable all prior client certificates of the users whose certificates are being re-issued, select the check box.
    • To allow older certificates to continue to be used, clear the check box.
  6. Click Create.
  7. If you want to download the certificates yourself, click Download to save the zip file. The zip file contains one zip file per user containing the client certificate and password.

Downloading Certificates

Administrators can allow users to download their own certificates. You can grant users permission on the Download Permissions page. See Permissions for Downloading Client Certificates. When a certificate is created, the Secure Remote Access page becomes available in the Account Settings menu on the portal. Administrators can view this page in the Display Name menu.

The Secure Remote Access page shows the link to download the client certificate file, the certificate expiration date, password, and access URL. Users can use this page to download their own certificates. Once you have a certificate file, you need to install it in your Web browser. Search your Web browser’s help system for instructions. You can instead download a batch of certificates and install them in users’ browsers yourself. 
Was this article helpful?
1 out of 1 found this helpful



Please sign in to leave a comment.