[certificate] stanza

Use the [certificate] stanza to configure certificate authentication.

accept-client-certs
Use the accept-client-certs stanza entry to control how WebSEAL handles client certificates from HTTPS clients.

external-user
Use the external-user stanza entry to indicate whether the mapped identity should correspond to a 'known' Verify Identity Access identity.

cred-attr
Use the cred-attr stanza entry to control which client certificate data will be added as attributes to the credential.

cert-cache-max-entries
Use the cert-cache-max-entries stanza entry to specify the maximum number of concurrent entries in the Certificate SSL ID cache.

cert-cache-timeout
Use the cert-cache-timeout stanza entry to specify the maximum lifetime, in seconds, for an entry in the Certificate SSL ID cache.

cert-prompt-max-tries
Use the cert-prompt-max-tries stanza entry to specify how many times WebSEAL attempts to negotiate the SSL certificate before it assumes that the client cannot provide a certificate.

disable-cert-login-page
Use the disable-cert-login-page stanza entry to control whether WebSEAL bypasses the initial login page and directly prompts for the certificate.

eai-data
Use the eai-data stanza entry to specify which client certificate data elements are passed to the external authentication interface (EAI) application by WebSEAL.

eai-uri
Use the eai-uri stanza entry to specify the URI of the external authentication interface (EAI) application that WebSEAL can use for certificate authentication. Configure this entry if you do not want to use the standard CDAS authentication mechanism.

omit-root-cert
By default the complete certificate chain is sent as part of an SSL/TLS Certificate Message. An optional mode is allowed by the TLS RFC in which the root certificate (anchor) is omitted from the Certificate Message. Setting this option to true causes the root cert to be omitted from the message.