Client Certificates / Client Authentication


1. Overview

Most people are familiar with secure web sites: sites whose address begins with https and that use certificates signed by trusted authorities to ensure the site is who it says it is. Less well known is that the server can request that the client return a certificate to authenticate the client. This is known as (SSL) Client Authentication.

AppBoard fully supports SSL Client Authentication and the main components to configure are:

  1. Update Tomcat to enable client authentication
  2. Create or import the Java Truststore used by the server to validate the client certificates.
  3. (Optionally) Customize AppBoard to use this information beyond Tomcat validating the SSL session.

2. Tomcat Configuration

  1. Enable client authentication by editing [INSTALL_HOME]/server/conf/server.xml and adding the following parameters to the eportal Connector:
    clientAuth="true"
    truststoreFile="full_path_to_truststore_file"
    truststorePass="password_for_truststore_file"
  2. Create a Java Truststore file in JKS format. Alternatively, PKCS11 and PKCS12 are supported by setting the truststoreType parameter. By default, the type used matches the keystoreType parameter.
It is recommended to contact Support and engage the Edge Solutions team to help with the basic configuration and further customization that may be needed.
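
The following is an added example, not part of the AppBoard documentation: a Python check that reads a server.xml and reports TLS connectors that deviate from the steps in section 2. The sample file, its ports and paths are constructed, and identifying TLS connectors by SSLEnabled="true" or scheme="https" is an assumption.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample, not a real AppBoard server.xml: one connector set up as
# section 2 describes, one that only requests a certificate, one plain HTTP.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/opt/app/server/conf/keystore.jks"
             clientAuth="true" truststoreFile="/opt/app/server/conf/truststore.jks"
             truststorePass="changeit"/>
  <Connector port="9443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/opt/app/server/conf/keystore.p12" keystoreType="PKCS12"
             clientAuth="want" truststoreFile="conf/truststore.jks"/>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>
"""

def is_absolute(path):
    return PurePosixPath(path).is_absolute() or PureWindowsPath(path).is_absolute()

def audit_connectors(server_xml):
    """Return {port: [findings]} for every TLS connector in the server.xml text."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        tls = conn.get("SSLEnabled", "").lower() == "true" or conn.get("scheme") == "https"
        if not tls:
            continue  # plain HTTP connectors cannot do client authentication
        findings = []
        auth = conn.get("clientAuth", "false").lower()
        if auth != "true":
            findings.append(f'clientAuth="{auth}": a client certificate is not required')
        store = conn.get("truststoreFile")
        if not store:
            findings.append("truststoreFile not set on the connector")
        elif not is_absolute(store):
            findings.append("truststoreFile is not a full path")
        if store and not conn.get("truststorePass"):
            findings.append("truststorePass not set on the connector")
        # An unset truststoreType follows keystoreType, so a JKS truststore breaks here.
        ks_type = conn.get("keystoreType", "JKS")
        if not conn.get("truststoreType") and ks_type.upper() != "JKS":
            findings.append(f"truststoreType unset: truststore will be read as {ks_type}")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else findings)
```

With clientAuth="want" Tomcat asks for a certificate but still completes the handshake without one, which is why the check accepts only "true".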