Client Certificate Authentication (Sun Java System SAML v2 Plug-in for Federation Services User's Guide)

Sun Java System SAML v2 Plug-in for Federation Services User's Guide

Previous: Server Certificate Authentication
Next: Load Balancing

Client Certificate Authentication

For SSL/TLS client authentication (the client needs to present a certificate to the server), the following properties need to be set in the JVM software running the SSL/TLS client:

`-Djavax.net.ssl.keyStore`	Defines the full path to the keystore containing the client certificate and private key. This may be the same as that defined in Server Certificate Authentication.
`-Djavax.net.ssl.keyStoreType`	Takes a value of `JKS`.
`-Djavax.net.ssl.keyStorePassword`	Specifies the password to the keystore.

On the SSL/TLS server side, the client's CA certificate needs to be imported into the web container's keystore and marked as a trusted issuer of client certificates.

Previous: Server Certificate Authentication
Next: Load Balancing