SSL/TLS Client Authentication
There are many ways to handle SSL/TLS authentication, and the right approach depends on the security requirements of a specific site. The following are the minimum requirements for achieving SSL/TLS client authentication:
• A client certificate must be generated. This is an X.509 certificate with its matching private key, and it is usually stored in a PKCS #12 archive file, which is sometimes referred to as a pkcs12 keystore. It may also be contained in many other keystore formats.
• The web server must be configured to verify the client SSL/TLS certificate using the certificate authority (CA) certificate that signed the client certificate.
• The web server must be configured to enforce SSL/TLS client certificate authentication.
• The client must be capable of presenting the SSL/TLS client certificate to the server when challenged.
How SSL/TLS client certificates are generated, and which CA certificates are used, varies from site to site. To generate these certificates and obtain the correct CA certificates, consult with your local SSL/TLS experts. The SSL/TLS client certificate must be signed by the CA whose certificate the web server uses for verification.
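The requirements above can be exercised in a lab with the OpenSSL command line. The following is an added example, not part of the original documentation or of Windchill itself: the function names, directory and subject names and the `changeit` password are constructed, and `openssl verify` stands in for the check the web server performs against its configured CA certificate.

```shell
#!/bin/sh
# Added example with constructed names and throwaway keys (lab use only).
set -eu
P12_PASS=changeit   # constructed sample password

# make_ca <dir> <common-name>: self-signed CA certificate and key.
make_ca() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_client_cert <ca-dir> <out-dir> <user>: client key, certificate
# signed by the CA, and a PKCS #12 archive holding both.
issue_client_cert() {
  mkdir -p "$2"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2/client.key" -out "$2/client.csr" 2>/dev/null
  printf 'extendedKeyUsage=clientAuth\n' > "$2/client.ext"
  openssl x509 -req -in "$2/client.csr" -days 30 -extfile "$2/client.ext" \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$2/client.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$2/client.key" -in "$2/client.crt" \
    -passout "pass:$P12_PASS" -out "$2/client.p12"
}

# server_accepts <trusted-ca.crt> <client.p12>: exit 0 only if the
# certificate in the archive chains to the CA the server trusts.
server_accepts() {
  sa_tmp=$(mktemp); sa_rc=0
  openssl pkcs12 -in "$2" -passin "pass:$P12_PASS" -clcerts -nokeys \
    -out "$sa_tmp" 2>/dev/null
  openssl verify -purpose sslclient -CAfile "$1" "$sa_tmp" \
    >/dev/null 2>&1 || sa_rc=$?
  rm -f "$sa_tmp"
  return "$sa_rc"
}

work=$(mktemp -d)
make_ca "$work/site" "Example Site CA"
make_ca "$work/other" "Unrelated CA"
issue_client_cert "$work/site" "$work/alice" "alice"
server_accepts "$work/site/ca.crt" "$work/alice/client.p12" \
  && echo "signed by trusted CA: accepted"
server_accepts "$work/other/ca.crt" "$work/alice/client.p12" \
  || echo "signed by a different CA: rejected"
```

The second check fails because the server-side CA certificate is not the one that signed the client certificate, which is the mismatch to rule out first when a client certificate is rejected.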
Windchill SSL/TLS client authentication is not supported for the Safari browser on Mac OS.