In mutual authentication, both server and client-side authentication are enabled. To test mutual authentication, a client with a valid certificate must exist. For information on creating a client certificate, see The J2EE 1.4 Tutorial at:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html
The Application Server uses the certificate
realm for HTTPS authentication.
To specify mutual authentication for all the applications that use this realm, follow these steps.
server
, select the server-config
node.default-config
node.certificate
realm.clientAuth
.true
.
After restarting the server, mutual authentication requires client authentication for all applications that use the certificate
realm.
To enable mutual authentication for a specific application, use deploytool
to set the method of authentication to Client-Certificate
. For more information about using deploytool
, refer to the Security chapter of The J2EE 1.4 Tutorial at:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html.