Sun Java System SAML v2 Plug-in for Federation Services User's Guide

Server Certificate Authentication

For SSL/TLS server authentication (the server needs to present a certificate to the client), the following properties need to be set in the Virtual Machine for the Java™ platform (JVM™) running the SSL/TLS client:

Defines the full path to the file containing the server's CA certificate(s).

Takes a value of JKS (Java Key Store).

In addition, the client's CA certificate needs to be imported into the certificate store/database of the server's web container and marked as a trusted issuer of client certificates.