X.509 Client Certificate Authentication Schemes
X.509 client certificates provide cryptographic proof of a user's identity. The certificate, supplied by a certificate vendor, is unique, and can be used to identify the user who attempts to access a protected resource.
The certificate contains the following information:
- Name of the subscriber (user). This is a unique name called the distinguished name.
- Public key of the subscriber
- Operational period for the certificate
- Name of the Certificate Authority that issued the certificate
- Certificate serial number
The X.509 Client Certificate authentication scheme is the method SiteMinder uses to implement certificate authentication. SiteMinder's X.509 Client Certificate authentication consists of two parts:
- Establishing an SSL connection and collecting the client certificate information.
- Identifying a user in a directory service based on the client certificate and optionally verifying this certificate with the directory.
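
The following Python example is added for illustration and is not SiteMinder code. It takes certificate fields in the shape returned by Python's `ssl.SSLSocket.getpeercert()` (the output of part one) and maps them to a single directory entry (part two). The sample certificate, the in-memory `DIRECTORY`, and the choice to map on `commonName` are assumptions.

```python
import hmac
import ssl
import time

# Constructed sample in the shape of ssl.SSLSocket.getpeercert() output.
PEER_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "Pat Lee"),)),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "serialNumber": "0A1B2C",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2034 GMT",
}
PEER_DER = b"constructed-der-bytes"  # stands in for getpeercert(binary_form=True)

# Hypothetical directory with the certificate it holds for each user.
DIRECTORY = [{"dn": "uid=plee,ou=people,dc=example,dc=com",
              "cn": "Pat Lee", "userCertificate": b"constructed-der-bytes"}]

def subject_attr(cert, name):
    """Return a subject attribute's value, or None if absent or repeated."""
    values = [v for rdn in cert["subject"] for (k, v) in rdn if k == name]
    return values[0] if len(values) == 1 else None

def in_operational_period(cert, now=None):
    """Re-check notBefore/notAfter; the TLS layer normally enforces this too."""
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now <= end

def identify_user(cert, der, directory, verify_with_directory=True, now=None):
    """Map the certificate to exactly one directory entry, else return None."""
    if not in_operational_period(cert, now):
        return None
    cn = subject_attr(cert, "commonName")
    if cn is None:
        return None
    matches = [e for e in directory if e["cn"] == cn]  # stands in for a directory search
    if len(matches) != 1:  # no match or an ambiguous match both fail closed
        return None
    entry = matches[0]
    # Optional step: the presented certificate must equal the one in the directory.
    if verify_with_directory and not hmac.compare_digest(der, entry["userCertificate"]):
        return None
    return entry["dn"]
```
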