X.509 Client Certificate or Basic Scheme Prerequisites

Policy Server Guides › Policy Design Guide › Authentication Schemes › X.509 Certificate or Basic Authentication Schemes › X.509 Client Certificate or Basic Scheme Prerequisites

X.509 Client Certificate or Basic Scheme Prerequisites

In order to use the X.509 Client Certificate or Basic authentication scheme, the following prerequisites must be met:

An X.509 Server Certificate must be installed on the SSL Web server.
The network must support an SSL connection to the client browser (HTTPS protocol).
X.509 client certificates must be installed on client browsers.
Trust must be established between client certificates and server certificates.
Certificates must be issued by a valid and trusted Certification Authority (CA).
The issuing CA’s public key must validate the issuer’s digital signature.
Client and server certificates must not have expired.
The user’s public key must validate the user’s digital signature.
Client user name and password information must exist in a user directory.
A connection to the user directory must be configured using the SiteMinder User Directory dialog.

Note: For Apache Web servers where Certificates are required or optional, the SSL Verify Depth 10 line in the httpd.conf file must be uncommented.

More information:

User Directories

Email CA Technologies about this topic