Configure Secure Sockets Layer for Web client authentication

 

Overview

To enable client-side certificate-based authentication, modify the authentication method defined on the J2EE Web module that you want to manage. The Web module might already be configured to use the basic challenge authentication method. In this case, modify the challenge type to client certificate.

[V5.1 and later] This functionality is delivered to the WebSphere Application Server administrator in the Assembly Toolkit. However, developers can use the WebSphere Application Server Studio Application Development environment to achieve the same result.

  1. Launch the Assembly Toolkit. This step can be done either before an enterprise application archive (.ear file) is deployed into the WebSphere Application Server or after deployment into the product. The latter option is discouraged in a production environment because it involves opening the expanded archive that corresponds to the enterprise application archive, found in the installedApps directory.

  2. Locate and expand the Web module package under the application for which you wish to enable the client-side certificate authentication method.

  3. Select the appropriate Web application, and switch to the Advanced tab. Modify the authentication method to client certificate. The realm name is the scope of the login operation and is the same for all participating resources.

  4. Click OK, and save the changes you made with Assembly Toolkit.

  5. Stop and restart the associated application server containing the resource, so that the security modification is included in the run time. Complete this action if the modification was made to a resource that is already deployed in the WebSphere Application Server.
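
To confirm that the change from step 3 was saved into the module, the following added example (not part of the original article or of the product) reads WEB-INF/web.xml from a .war file and checks its login configuration. It assumes the authentication method is stored in the standard J2EE login-config/auth-method element, where client certificate is the value CLIENT-CERT; the sample descriptors and the realm name are constructed for illustration.

```python
# Added example: verify that a Web module declares client certificate authentication.
import xml.etree.ElementTree as ET
import zipfile

def _local(tag):
    """Strip an XML namespace so 2.3 (DTD) and 2.4 (schema) descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def login_config(web_xml_text):
    """Return (auth_method, realm_name) from web.xml text; None where absent."""
    root = ET.fromstring(web_xml_text)
    for el in root.iter():
        if _local(el.tag) == "login-config":
            fields = {_local(c.tag): (c.text or "").strip() for c in el}
            return fields.get("auth-method"), fields.get("realm-name")
    return None, None

def check_client_cert(web_xml_text):
    """One-line verdict on whether the module requests a client certificate."""
    method, realm = login_config(web_xml_text)
    if method is None:
        return "FAIL: no login-config/auth-method declared"
    if method != "CLIENT-CERT":
        return f"FAIL: auth-method is {method}, expected CLIENT-CERT"
    return f"OK: CLIENT-CERT (realm: {realm or 'not set'})"

def check_war(war):
    """war is a path or file object for a .war archive (your own, trusted file)."""
    with zipfile.ZipFile(war) as z:
        return check_client_cert(z.read("WEB-INF/web.xml").decode("utf-8"))

# Constructed sample: module still using the basic challenge method.
BEFORE = """<web-app><login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example Realm</realm-name>
</login-config></web-app>"""

# Constructed sample: the same module after step 3, in a namespaced 2.4 descriptor.
AFTER = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Example Realm</realm-name>
</login-config></web-app>"""

if __name__ == "__main__":
    print(check_client_cert(BEFORE))
    print(check_client_cert(AFTER))
```

A passing check covers the application side only; the Web server or Web container transport must still be set to request the client certificate, as described under Results.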

 

Results

Now your enterprise application prompts the user for proof of identity with a certificate.

The Web server must also be configured to request a client certificate. If the Web server is external, refer to the appropriate configuration documentation. If the Web server is the Web container transport (for example, 9043) within WebSphere Application Server, verify that the client authentication flag is selected in the referenced SSL configuration.

Refer to the Map certificates to users article to determine how a certificate is authenticated within the product.

