Client-side certificate authentication Edit online This section contains the following topics: Client-side certificate authentication modesCertificate authentication configuration task summaryEnabling certificate authenticationConfiguration of the certificate authentication mechanismYou can use the External Authentication Interface (EAI) protocol to configure a junctioned web application to handle certificate authentication on behalf of WebSEAL.Certificate login error pageAdministrators can choose to use the default error page, customize the error message, or specify an entirely different customized error page. Typically, administrators use the default page but might customize the contents of the error message.Certificate login formDisabling SSL session IDs for session trackingEnabling and configuring the Certificate SSL ID cacheSetting the timeout for Certificate SSL ID cacheError page for incorrect protocolDisabling certificate authenticationDisabling the Certificate SSL ID cacheTechnical notes for certificate authenticationFor all certificate configurations, a client-side certificate can be presented only once per browser session.Parent topic: Authentication methodsRelated conceptsBasic authenticationForms authenticationToken authenticationKerberos authentication through an External Authentication Interface (EAI)Windows desktop single sign-onLTPA authenticationOAuth AuthenticationOpenID Connect (OIDC) authenticationRelated referenceAuthentication terminologyLogout and password change operations