X.509 cert based Authentication

Question asked by ymalhotra.1 on Feb 13, 2017
We have enabled cert-based authentication for a URL, which is nothing but the TEWS URL (/iam/im/TEWS), from the SSO side.

It works well with basic auth, as we tested earlier.


The SSO configuration is in place: cert authentication scheme, certificate mapping, valid SSL certificate, and protecting the resource with certauth.


I have generated a self-signed client certificate for testing, but when I access the URL protected using certauth, it gets stuck at the eminderagent/cert/1486860096/smgetcred.scc?TYPE=16777244&REALM= redirect and ends up as access forbidden in the browser.



1. Can we use a self-signed cert for client testing, as this certificate is issued by a different CA and the Apache SSL cert is issued by a different CA?


2. What is needed to generate a client cert depending on the SSL configuration that already exists on the webserver?


Below is the SSL config from https-ssl.conf:


SSLCertificateFile "/apps/ca/secure-proxy/SSL/certs/login.public.pem"
SSLCertificateKeyFile "/apps/ca/secure-proxy/SSL/keys/login.key"
SSLCACertificateFile "/apps/ca/secure-proxy/SSL/certs/ca-bundle.cert"
SSLVerifyClient require
SSLVerifyDepth 10


Thanks in advance,