Client Certificates / Client Authentication


1. Overview

Most people are familiar with secure web sites: sites whose address begins with https and that use certificates signed by trusted authorities to ensure the site is who it says it is. Less well known is that the server can request that the client return a certificate to authenticate the client. This is known as (SSL) Client Authentication.

AppBoard fully supports SSL Client Authentication and the main components to configure are:

  1. Update Tomcat to enable client authentication
  2. Create or import the Java truststore used by the server to validate the client certificates.
  3. (Optional) AppBoard may be customized to use this information beyond Tomcat validating the SSL session.

2. Enabling Client Authentication

To enable HTTPS Client Authentication, first enable HTTPS and confirm that it is working correctly. With HTTPS enabled, the following runtime options also need to be set:

  • CLIENTAUTH: set this to true
  • TRUSTSTORE_FILE: required if client authentication is enabled.
  • TRUSTSTORE_PASS: if the truststore is password protected.
  • TRUSTSTORE_TYPE: to identify the type of truststore file.

See the Runtime Options page for more information on these settings and how to configure them. After making any changes, restart the AppBoard service.
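The truststore step, as an added example that is not part of the AppBoard documentation: it builds a PKCS12 truststore holding only the CA that issues client certificates, and checks beforehand that a client certificate chains to that CA. It assumes `openssl` and `keytool` are installed; the CA, client name, alias, file names and password are constructed, and the resulting file is the kind of file TRUSTSTORE_FILE would point to.

```shell
#!/bin/sh
# Added example. File names, subjects and the password are constructed.
set -eu

# Throwaway CA plus one client certificate signed by it; these stand in for
# the real CA that issues your users' certificates.
make_sample_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Client CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=alice" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/client.crt" 2>/dev/null
}

# Pre-flight check: succeeds only if the client certificate ($2) chains to
# the CA certificate ($1) that will go into the truststore.
client_cert_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Import only the client-issuing CA ($1) into a new PKCS12 truststore ($2).
# Any certificate chaining to an entry in this file passes client
# authentication, so do not reuse the JRE's default cacerts file.
# (-storepass on the command line is visible to other local users; demo only.)
build_truststore() {
    keytool -importcert -noprompt -alias client-ca -file "$1" \
        -keystore "$2" -storetype PKCS12 -storepass "$3"
}

main() {
    work=$(mktemp -d)
    make_sample_pki "$work"
    if client_cert_trusted "$work/ca.crt" "$work/client.crt"; then
        echo "client.crt chains to ca.crt"
    fi
    # keytool ships with the JRE/JDK; skipped if it is not on PATH.
    if command -v keytool >/dev/null 2>&1; then
        build_truststore "$work/ca.crt" "$work/truststore.p12" "example-pass"
        keytool -list -keystore "$work/truststore.p12" \
            -storetype PKCS12 -storepass "example-pass"
    fi
    rm -rf "$work"
}
main
```

With a real deployment, skip `make_sample_pki` and pass your own CA certificate to `build_truststore`, then set TRUSTSTORE_TYPE and TRUSTSTORE_PASS to match the store you created.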

It is recommended to contact Support and engage the Edge Solutions team to help with the basic configuration and further customization that may be needed.