Configuring Mutual Authentication

• Enabling Mutual SSL Authentication in an Application

• Enabling Mutual Authentication For All Applications

In mutual authentication, both server and client-side authentication are enabled. To test mutual authentication, a client with a valid certificate must exist. For information on mutual authentication, see the Security chapter of Java EE 5 Tutorial.

Enabling Mutual SSL Authentication in an Application

To enable mutual authentication for a specific application, use NetBeans to set the method of authentication to Client-Certificate. For more information on using NetBeans, see the Java EE 5 Tutorial.

Enabling Mutual Authentication For All Applications

The Application Server uses the certificate realm for HTTPS authentication. To enforce client authentication for all applications that use the certificate realm, in the Admin Console, go to Configuration > Security > Realms > certificate realm. Click Add Property and enter the following values and click Save:

• In the Name field, enter clientAuth.

• In the Value field, enter true.

Restart the Application Server if Restart Required displays in the console.