Certificate authentication configuration task summary

Edit online

All of the certificate authentication modes share a common set of configuration tasks. The delayed certificate authentication mode requires additional tasks.

To enable client-side certificate authentication in any of the supported modes, complete the following tasks:

Enabling certificate authentication
Configuration of the certificate authentication mechanism
Certificate login error page

When enabling delayed certificate authentication mode, complete the following additional tasks:

Certificate login form
Disabling SSL session IDs for session tracking
Enabling and configuring the Certificate SSL ID cache
Setting the timeout for Certificate SSL ID cache
Error page for incorrect protocol

Note: The WebSEAL server must be stopped and restarted to activate the new configuration settings.

To disable (unconfigure) client-side certificate authentication, complete the following tasks:

Disabling certificate authentication
Disabling the Certificate SSL ID cache

Technical notes for certificate authentication:

Technical notes for certificate authentication

The WebSEAL configuration file settings for certificate authentication are summarized in the Web Reverse Proxy Stanza Reference section.