The edge gateway in vCloud Air supports self-signed certificates, certificates signed by a Certification Authority (CA), and certificates generated and signed by a CA.

In Advanced Networking Services, you can manage certificates for the following vCloud Air features:

IPsec VPN tunnels from your on-premises data center to vCloud Air

SSL VPN-Plus connections to private networks and web resources deployed in vCloud Air

The virtual servers and pools servers configured for load balancing in vCloud Air

You can create a client certificate through a CAI command or REST call. You can then distribute this certificate to your remote users, who can install the certificate on their web browser.

The main benefit of implementing client certificates is that a reference client certificate for each remote user can be stored and checked against the client certificate presented by the remote user. To prevent future connections from a certain user, you can delete the reference certificate from the security server's list of client certificates. Deleting the certificate denies connections from that user.