X.509 Client Certificate Scheme Prerequisites

Policy Server Guides › Policy Design Guide › Authentication Schemes › X.509 Client Certificate Authentication Schemes › X.509 Client Certificate Scheme Prerequisites

X.509 Client Certificate Scheme Prerequisites

In order to use the X.509 Client Certificate authentication scheme, the following prerequisites must be met:

An X.509 Server Certificate must be installed on the SSL Web server.
The network must support an SSL connection to the client browser (HTTPS protocol).
X.509 client certificates must be installed on client browsers.
Trust must be established between client certificates and server certificates.
Certificate must be issued by a valid and trusted Certification Authority (CA).
The issuing CA’s public key must validate the issuer’s digital signature.
Client and server certificates must not have expired.
The user’s public key must validate the user’s digital signature.

Note: For Apache Web servers where Certificates are required or optional, the SSL Verify Depth 10 line in the httpd.conf file must be uncommented.

Email CA Technologies about this topic