X.509 Client Certificate or HTML Forms Scheme Prerequisites

Ensure the following prerequisites are met before configuring a X.509 Client Certificate or HTML Forms authentication scheme:

An X.509 Server Certificate is installed on the SSL Web server.
Note: If the Policy Server is operating in FIPs mode, ensure the certificate was generated using only FIPS-approved algorithms.
The network must supports SSL connection to the client browser (HTTPS protocol).
X.509 client certificates are installed on client browsers.
Trust must is established between client certificates and server certificates.
Certificates are issued by a valid and trusted Certification Authority (CA).
The issuing CA’s public key validates the issuer’s digital signature.
Client and server certificates have not expired.
The user’s public key validates the user’s digital signature.
User attributes requested by the HTML form exist in a user directory.
A directory connection exists between the Policy Server and the user directory.
(Sun Java Systems) If you are using a Sun Java Systems web server, increase the value of the StackSize parameter in the magnus.conf file to a value greater than 131072. Failing to change the value causes the web server to dump its core and restart each time the Policy Server makes an authentication request using forms.

More information: