
![[8.5.5.6 or later]](../ng_v8556.gif)
Configuring inbound CSIv2 transport layer
You can configure a Liberty server to claim support for client certificate authentication for inbound CSIv2 requests.
About this task
The inbound CSIv2 transport layer for a Liberty server has client certificate authentication that is disabled by default. You can configure the transportLayer to specify the SSL configuration to use. You can configure the SSL element to either support or require the client certificate authentication. The certificate that is received is authenticated against the server user registry, and its identity is only used if no other form of authentication was sent in the CSIv2 request, like an identity assertion in the attribute layer or an authentication token in the authentication layer.
When you use the client certificate authentication, ensure that SSL is supported by the server.