The Certificate-Mapping API consists of data structures and functions used to manage certificate mapping.
When a user authenticates to the Web Server by sending a client certificate, the server uses information in the certificate to search the user directory for the user’s entry.
You can configure some parts of this process by editing the file certdb.conf. This file specifies the following:
Server searches the directory for the user’s entry.
Whether the server goes through an additional step of verifying that the user’s certificate matches the certificate presented to the server.
For more information about certmap.conf, see the Sun Java System Web Server 7.0 Administrator’s Configuration File Reference.
You can also modify this process programmatically. Web Server includes a set of API functions (referred to here as the Certificate-Mapping API functions) that allow you to control this process. You can write your own functions to customize how certificate subject entries are found in the directory.
To use this API, you must have a copy of the Directory SDK. You can download a copy of this SDK from the following location: http://developers.sun.com/index.html.