Client authentication using digital certificates is performed during
Secure Sockets Layer (SSL) connection by completing this task.
About this task
Complete the following steps to configure Common Secure Interoperability
Version 2 (CSIv2) for SSL client authentication:
Procedure
- Start the administrative console.
- Configure CSIv2 inbound authentication.
- Expand Security > Global security.
- Under Authentication, click Authentication protocol > CSIv2
inbound authentication.
- Select Supported or Required for Client certificate
authentication. If you selected Required, also configure
the CSIv2 outbound authentication to support the client certificate authentication.
- Click OK.
- Optional: Configure CSIv2 outbound authentication.
- Expand Security > Global security.
- Under Authentication, click Authentication protocol > CSIv2
outbound authentication.
- Select either Supported or Required for Client
certificate authentication.
Important: If
Client certificate authentication is Required for either inbound or
outbound authentication, you must at least select Supported for the
complementary authentication protocol. For example, for CSIv2 inbound authentication,
if you select Required for Client certificate authentication, you must
at least select Supported for Client certificate authentication when
you configure CSIv2 outbound authentication.
- Create a SSL configuration repertoire. For more information,
see the "Creating a Secure Sockets Layer repertoire configuration entry" article
in the Information Center.
- Configure CSIv2 outbound transport.
- Expand Security > Global security.
- Under Authentication, click Authentication protocol > CSIv2
Outbound Transport.
- In the Transport field, select either SSL-required or SSL-supported.
Select SSL-supported if your server must communicate with servers
that do not support SSL authentication.
- In the SSL settings field, select the SSL configuration repertoire
that you previously configured.
- Configure CSIv2 inbound transport.
- Expand Security > Global security.
- Under Authentication, click Authentication protocol > CSIv2
Inbound Transport.
- In the Transport field, select either SSL-required or SSL-supported.
Select SSL-supported if your server must communicate with servers
that do not support SSL authentication.
- In the SSL settings field, select the SSL configuration repertoire
that you previously configured.
- Save your configuration.
- Restart the server for the changes to become effective.
Results
Client authentication using digital certificates is performed during
SSL connection. A secure client connects using SSL to a secure Internet Inter-ORB
Protocol (IIOP) server with client authentication at the transport layer.