Appboard/2.5/admin/client certificates: Difference between revisions
imported>Jason.nicholls (Created page with '{{DISPLAYTITLE:Client Certificates / Client Authentication}} Category:AppBoard 2.5 ==Overview== Most people are familiar with secure web sites, sites that begin with the addr…') |
imported>Jason.nicholls |
||
Line 10: | Line 10: | ||
# (optionally) AppBoard may be customized to use this information beyond Tomcat validating the SSL session. | # (optionally) AppBoard may be customized to use this information beyond Tomcat validating the SSL session. | ||
== | == Configure AppBoard for Client Authentication == | ||
To enable HTTPS Client Authentication the first step is to enable HTTPS and have that working correctly. With that enabled the following runtime options also need to be set: | |||
* <tt>CLIENTAUTH</tt>: set this to <tt>true</tt> | |||
* <tt>TRUSTSTORE_FILE</tt>: required if client authentication is enabled. | |||
* <tt>TRUSTSTORE_PASS</tt>: if the truststore is password protected. | |||
* <tt>TRUSTSTORE_TYPE</tt>: to identify the type of truststore file. | |||
See the [[appboard/2.5/admin/runtime_options|Runtime Options]] page for more information on these settings and how to configure them. After making any changes then restart the AppBoard service. | |||
{{Note|It is recommended to contact Support and engage the Edge Solutions team to help with the basic configuration and further customization that may be needed.}} | {{Note|It is recommended to contact Support and engage the Edge Solutions team to help with the basic configuration and further customization that may be needed.}} |
Revision as of 13:07, 5 September 2014
Overview
Most people are familiar with secure web sites, sites that begin with the address https, that use certificates signed by authorities trusted to ensure the site is who it says it is. Lesser known is the server can request the client return a certificate to authenticate the client - this is known as (SSL) Client Authentication
AppBoard fully supports SSL Client Authentication and the main components to configure are:
- Update Tomcat to enable client authentication
- Create/Import Java Truststore used by the server to validate the client certificates.
- (optionally) AppBoard may be customized to use this information beyond Tomcat validating the SSL session.
Configure AppBoard for Client Authentication
To enable HTTPS Client Authentication the first step is to enable HTTPS and have that working correctly. With that enabled the following runtime options also need to be set:
- CLIENTAUTH: set this to true
- TRUSTSTORE_FILE: required if client authentication is enabled.
- TRUSTSTORE_PASS: if the truststore is password protected.
- TRUSTSTORE_TYPE: to identify the type of truststore file.
See the Runtime Options page for more information on these settings and how to configure them. After making any changes then restart the AppBoard service.