General considerations when choosing client certificate
authentication.
Before choosing to use the client certificate authentication option
provided in the
isamcfg tool, you must:
- Generate a certificate that represents the user who will be authenticating
from WebSEAL or the Web Reverse Proxy to Security Access Manager for
Mobile for example, easuser
- Import that certificate into the WebSEAL or Web Reverse Proxy
key database as a personal certificate
- Import the signer of this certificate as a trusted certificate
in the Security Access Manager for Mobile keystore
- Set Accept Client Certificates to True on
the Security Access Manager for Mobile appliance
- When answering the question Select the method for authentication
between WebSEAL and the Security Access Manager for Mobile application
interface' in the isamcfg tool select Certificate
Authentication
- When prompted to enter the Security Access Manager
for Mobile application interface SSL keyfile label enter
the label of the certificate that represents the user who will be
authenticating from WebSEAL or the Web Reverse Proxy to Security Access
Manager for Mobile
For more information, see Configuring runtime security services for client certificate authentication.