Requesting client certificates

The server can require all authenticating users to present a client certificate as an extra measure of security. The client certificate proves the client's identity to the server. Client certificates must be signed by a trusted authority.

When a client presents a certificate, it is compared to the certificates maintained in the trusted authorities database. If the certificate used to sign the client certificate is found in the trusted authorities database, the client is authenticated and the connection continues; if not, the connection is terminated.
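
The trust decision described above can be reproduced offline with OpenSSL, for instance to confirm that your client certificates were signed by a given authority before you add it to a listener's Trusted Authorities list. This is an added example, not part of the product or its documentation: the function names, file names and certificate subjects are constructed for the demo, and `openssl verify` stands in for the server's own check.

```sh
#!/bin/sh
# Constructed demo PKI: file names and subjects below are made up for this example.

# chains_to_ca CA_PEM CERT_PEM: succeeds only if CERT_PEM was signed by CA_PEM.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_pki DIR: writes ca.pem, client.pem (signed by ca) and unrelated.pem.
make_demo_pki() {
    dir=$1
    # Throwaway CA, standing in for one entry in the Trusted Authorities list.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Trusted CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Client certificate issued by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/client.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.pem" 2>/dev/null || return 1
    # Self-signed certificate whose signer is not in the trusted list.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=unrelated-client" \
        -keyout "$dir/unrelated.key" -out "$dir/unrelated.pem" 2>/dev/null || return 1
}

tmp=$(mktemp -d)
make_demo_pki "$tmp"
for name in client unrelated; do
    if chains_to_ca "$tmp/ca.pem" "$tmp/$name.pem"; then
        echo "$name.pem: signer is trusted, connection would continue"
    else
        echo "$name.pem: signer is not trusted, connection would be terminated"
    fi
done
rm -rf "$tmp"
```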

To add a certificate to the trusted authorities database:

  1. From the top menu, select Server > Listeners. The Listeners page opens.
  2. Click the hyperlinked IP address of the listener whose trusted authorities database you want to add an SSL certificate to. The Edit Listener page opens.
  3. Under Encryption Options, click Edit SSL Settings. The Listener Encryption Settings page opens.
  4. Under Trusted Authorities, click Add. The Select Trusted Authorities page opens.
  5. Click Import and select the certificate you want to trust, or click Create to create a new certificate. For more information, see Import Trusted Authorities or Creating an SSL Certificate.
  6. Click Save. The previous page reopens with the new certificate included in the list.
  7. Select the certificate you just created, then click OK. The Listener Encryption page opens again with the certificate you imported displayed in the Trusted Authorities list.
  8. Click Save.

To remove a certificate from the trusted authorities database:

  1. From the top menu, select Server > Listeners. The Listeners page opens.
  2. Click the hyperlinked IP address of the listener whose trusted authorities database you want to remove an SSL certificate from. The Edit Listener page opens.
  3. Under Encryption Options, click Edit SSL Settings. The Listener Encryption Settings page opens.
  4. Select the certificate in the Trusted Authorities list that you want to remove.
  5. Click Remove.

    Note: When you remove a certificate from the trusted authorities database, it is not deleted. The certificate can still be accessed by selecting Server > SSL Certificates. You can delete the certificate from the server there if desired.

  6. Click Save.