Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Administration Guide

Editing the certificate Realm

The certificate realm supports SSL authentication. This realm sets up the user identity in the Application Server’s security context, and populates it with user data obtained from cryptographically verified client certificates in the truststore and keystore files (see About Certificate Files). Add users to these files using certutil.

With the certificate realm, J2EE containers handle authorization processing based on each user’s Distinguished Name (DN) from his or her certificate. The DN is the name of the entity whose public key the certificate identifies. This name uses the X.500 standard, so it is intended to be unique across the Internet. For more information on key stores and trust stores, refer to the certutil documentation at Using Network Security Services (NSS) Tools.

The following table lists the optional properties for the certificate realm.

Table 9–5 Optional properties for certificate realm




A comma-separated list of group names. All clients who present valid certificates are assigned to these groups. For example, employee,manager, where these are the names of user groups.


Type of login module to use for this realm. For the certificate realm, the value must be certificateRealm.