[certificate] stanza
Use the [certificate] stanza to configure certificate authentication.
- accept-client-certs
Use the accept-client-certs stanza entry to control how WebSEAL handles client certificates from HTTPS clients.
- cert-cache-max-entries
Use the cert-cache-max-entries stanza entry to specify the maximum number of concurrent entries in the Certificate SSL ID cache.
- cert-cache-timeout
Use the cert-cache-timeout stanza entry to specify the maximum lifetime, in seconds, for an entry in the Certificate SSL ID cache.
- cert-prompt-max-tries
Use the cert-prompt-max-tries stanza entry to specify how many times WebSEAL attempts to negotiate the SSL certificate before it assumes that the client cannot provide a certificate.
- disable-cert-login-page
Use the disable-cert-login-page stanza entry to control whether WebSEAL bypasses the initial login page and directly prompts for the certificate.
- eai-data
Use the eai-data stanza entry to specify which client certificate data elements are passed to the external authentication interface (EAI) application by WebSEAL.
- eai-uri
Use the eai-uri stanza entry to specify the URI of the external authentication interface (EAI) application that WebSEAL can use for certificate authentication. Configure this entry if you do not want to use the standard CDAS authentication mechanism.
- omit-root-cert
By default the complete certificate chain is sent as part of an SSL/TLS Certificate Message. An optional mode is allowed by the TLS RFC in which the root certificate (anchor) is omitted from the Certificate Message. Setting this option to true causes the root cert to be omitted from the message.