Web Access with both server and client certificate

Can the TL web access server be configured to use client certificates to lock out unknown devices?
I want to be sure that the clients (iPads) are ours.

We have an internal CA that signed the server certificate.

Other solutions for web access from iPads?

Hi @CHerman

I guess you’re talking about two-way SSL? ThinLinc doesn’t support this at present, unfortunately.

You may be able to use a modified version of the script in this comment (#3) in our Bugzilla:

https://bugzilla.cendio.com/show_bug.cgi?id=5440#c3

You could change /client_params/capabilities/client_version to /client_params/hwaddr, and make the appropriate comparison(s) to determine whether to allow the session to be started or not.

Note that this would only work for new sessions; it wouldn’t restrict clients connecting to already existing sessions. If you don’t need session persistence, however, you could use it in combination with MaxIdleTime to automatically terminate idle sessions:

https://www.cendio.com/resources/docs/tag/config_lifetime.html?highlight=maxidletime#cmdoption-MaxIdleTime

Hope that helps.
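
Added example, not part of the thread and not the script from the Bugzilla comment: one way to write the `/client_params/hwaddr` comparison suggested above as a fail-closed allowlist check. The allowlist path and function names are hypothetical, it assumes ThinLinc's `tl-session-param` command is what the script uses to read the parameter, and how the calling script refuses the session on a non-zero result is left to that script. The address is reported by the client, so this filters devices rather than authenticating them the way a client certificate would.

```shell
#!/bin/sh
# Allowlist check on the client-reported hardware address (added example).
# Hypothetical path; one MAC address per line, '#' starts a comment.
ALLOWLIST="${ALLOWLIST:-/opt/thinlinc/etc/allowed-hwaddr.txt}"

# Normalize a MAC address: lower-case hex, separators and whitespace removed.
normalize_hwaddr() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':. \t\r\n-'
}

# Return 0 if address $1 is listed in file $2, 1 otherwise.
# Empty, malformed or all-zero addresses and an unreadable list are denied.
hwaddr_allowed() {
    addr=$(normalize_hwaddr "$1")
    list=$2
    [ "$addr" = "000000000000" ] && return 1
    printf '%s' "$addr" | grep -Eq '^[0-9a-f]{12}$' || return 1
    [ -r "$list" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(normalize_hwaddr "${line%%#*}")   # drop trailing comment
        [ -n "$entry" ] && [ "$entry" = "$addr" ] && return 0
    done < "$list"
    return 1
}

# Intended to be called from the session startup script; returns non-zero
# when the session should not be allowed to start.
check_session() {
    reported=$(tl-session-param /client_params/hwaddr 2>/dev/null) || reported=""
    if hwaddr_allowed "$reported" "$ALLOWLIST"; then
        return 0
    fi
    # Log only hex digits of the client-supplied value to keep the log clean.
    safe=$(normalize_hwaddr "$reported" | tr -cd '0-9a-f' | cut -c1-12)
    logger -t hwaddr-check "session denied for ${USER:-unknown}, hwaddr=${safe:-none}"
    return 1
}
```
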

Thanks for the answer.
I searched for two-way SSL but didn’t find the word 🙂
Then I can stop searching and try to find a way around that.