Configure SSL for Web client authentication

To enable client-side certificate-based authentication, modify the authentication method defined on the J2EE Web module that you want to manage. The Web module might already be configured to use the basic challenge authentication method. In this case, modify the challenge type to client certificate. This functionality is delivered to the WebSphere Application Server administrator in the . However, developers can use the WAS Studio Application Development environment to achieve the same result.

  1. Launch the WebSphere .This step can be done either before an enterprise application archive .ear file is deployed into the WAS or after deployment into the product. The latter option is discouraged in a production environment because it involves opening the expanded archive correlating to the enterprise application archive, found in the installedApps directory.

  2. Locate and expand the Web module package under the application for which you wish to enable the client-side certificate authentication method.

  3. Select the appropriate web application (.war), and switch to the Advanced tab. Modify the authentication method to client certificate. The realm name is the scope of the login operation and is the same for all participating resources.

  4. Click OK, and save the changes you made with .

  5. Stop and restart the associated appserver containing the resource, so that the security modification is included in the run time. Complete this action if the modification was made to a resource that already is deployed in the WAS.

Now your enterprise application prompts the user for proof of identity with a certificate.

The Web server must also be configured to request a client certificate. If the Web server is external, refer to the appropriate configuration documentation. If the Web server is the Web container transport (for example, 9043) within WAS, verify that the client authentication flag is selected in the referenced SSL configuration.

Refer to the Map certificates to users article to determine how a certificate is authenticated within the product.


See Also

Managing digital certificates
Importing signer certificates