Configuration Prerequisites

To support X509 certificate-based authentication in Identity Manager, ensure that two-way (client and server) SSL authentication is configured properly. From the client perspective, this means that an X509-compliant user certificate should have been imported into the browser (or be available through a smart card reader), and that the trusted certificate used to sign the user certificate should be imported into the Web application server’s keystore of trusted certificates.

Also, the client certificate used must be enabled for client authentication.

To Verify that the Client Certificate’s Client Authentication Option is Selected

1. Using Internet Explorer, select Tools, and then select Internet Options.

2. Select the Content tab.

3. In the Certificates area, click Certificates.

4. Select the client certificate, and then click Advanced.

5. In the Certificate Purposes area, verify that the Client Authentication option is selected.