Configure SSL for Web client authentication

To enable client-side certificate-based authentication, modify the authentication method that is defined on the J2EE Web module that you want to manage. If the Web module is already configured to use the basic challenge authentication method, use either the Application Assembly Tool (AAT) or WebSphere Development Studio Client for iSeries to change the challenge type to client certificate.

Complete this task before the enterprise application archive (EAR) file is deployed into the WebSphere Application Server. Modifying the EAR file after it has been deployed is not recommended because it involves opening the expanded archive that corresponds to the enterprise application archive, found in the installedApps directory.

To configure SSL for Web client authentication with the AAT tool, perform the following steps:

  1. Start the AAT tool.
  2. Locate and expand the Web module package under the application for which you want to enable the client-side certificate authentication method.
  3. Select the appropriate Web application, and click the Advanced tab. Modify the authentication method to client certificate. The realm name is the scope of the login operation and is the same for all participating resources.
  4. Click OK, and save the changes you made with AAT.
  5. Deploy the EAR file.

Note: The Web server must also be configured to request a client certificate. If the Web server is the Web container transport within WebSphere Application Server, verify that Client Authentication is selected in the referenced SSL configuration.
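A pre-deployment check for the procedure above, added here as an example and not part of the product documentation or tooling: it opens an EAR file and reports any Web module whose challenge type is not client certificate. It assumes the AAT setting is stored as the standard servlet `<auth-method>` element (value `CLIENT-CERT`) in each module's `WEB-INF/web.xml`; the function names and the sample EAR are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def web_module_auth_methods(ear_bytes):
    """Return {war_name: (auth_method, realm_name)} for each Web module in an EAR."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(ear_bytes)) as ear:
        for name in ear.namelist():
            if not name.lower().endswith(".war"):
                continue
            method = realm = None
            with zipfile.ZipFile(io.BytesIO(ear.read(name))) as war:
                if "WEB-INF/web.xml" in war.namelist():
                    root = ET.fromstring(war.read("WEB-INF/web.xml"))
                    for el in root.iter():
                        # Strip any XML namespace so DTD- and schema-based descriptors match.
                        tag = el.tag.rsplit("}", 1)[-1]
                        if tag == "auth-method":
                            method = (el.text or "").strip()
                        elif tag == "realm-name":
                            realm = (el.text or "").strip()
            results[name] = (method, realm)
    return results

def modules_not_client_cert(ear_bytes):
    """List Web modules whose challenge type is anything other than CLIENT-CERT."""
    found = web_module_auth_methods(ear_bytes)
    return sorted(war for war, (method, _) in found.items() if method != "CLIENT-CERT")

def build_sample_ear():
    """Build a constructed two-module EAR in memory (not a real application)."""
    ear_buf = io.BytesIO()
    with zipfile.ZipFile(ear_buf, "w") as ear:
        for war_name, method in (("basic.war", "BASIC"), ("cert.war", "CLIENT-CERT")):
            xml = ("<web-app><login-config><auth-method>%s</auth-method>"
                   "<realm-name>SampleRealm</realm-name></login-config></web-app>" % method)
            war_buf = io.BytesIO()
            with zipfile.ZipFile(war_buf, "w") as war:
                war.writestr("WEB-INF/web.xml", xml)
            ear.writestr(war_name, war_buf.getvalue())
    return ear_buf.getvalue()

if __name__ == "__main__":
    print(modules_not_client_cert(build_sample_ear()))
```

To check a real archive, pass the bytes of the EAR file to `modules_not_client_cert`; a module with no `web.xml` or no `<login-config>` is reported as well, because its method is `None`.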

For information about how a certificate is authenticated within the product, see Map certificates to users.