Certificate authentication configuration task summary

All of the certificate authentication modes share a common set of configuration tasks. The delayed certificate authentication mode requires additional tasks.

To enable client-side certificate authentication in any of the supported modes:

1. Enable certificate authentication
2. Configuration of the certificate authentication mechanism
3. Certificate login error page

When enabling delayed certificate authentication mode, complete the following additional tasks:

1. Certificate login form
2. Disable SSL session IDs for session tracking
3. Enable and configure the Certificate SSL ID cache
4. Set the timeout for Certificate SSL ID cache
5. Error page for incorrect protocol

The WebSEAL server must be stopped and restarted to activate the new configuration settings.

To disable (unconfigure) client-side certificate authentication, complete the following tasks:

• Disable certificate authentication
• Disable the Certificate SSL ID cache

Technical notes for certificate authentication:

• Technical notes for certificate authentication

The WebSEAL configuration file settings for certificate authentication are summarized in the web reverse proxy Stanza Reference section.

Parent topic: Client-side certificate authentication