User certificate authentication on the server
Both the MobileFirst Server and its hosting application server must be configured to use the User Certificate Authentication feature. The application server must be configured for client-side SSL. The MobileFirst Server must be configured with a PKI bridge and an appropriate security test to use the feature.
- SSL configuration
The User Certificate Authentication feature depends on the use of the Secure Sockets Layer (SSL) for authentication purposes. We can host the application only on HTTPS, unless a reverse proxy is being used.
- PKI bridge configuration
The PKI bridge is an interface between the MobileFirst Server and a business' public key infrastructure (PKI). Each realm definition that uses the WorklightCertificateAuthenticator must have a PKI bridge defined in its configuration.
- WebSphere Application Server and Liberty profile requirements
User certificate authentication uses standard SSL X.509 User Certificates, which requires the use of an SSL channel.
- Update the server authentication configuration
A requirement to enable the User Certificate Authentication feature is to configure the authentication configuration on the MobileFirst Server.
Parent topic: User certificate authentication