The use of a client certificate limits the security resources because it will reduce the scope of the Internet users authorized to discuss with your server while producing the service directly on the Internet.
This feature is available with Artica 4.40 or 4.30 Service Pack 757
A client-side certificate is a transport layer authentication mechanism; it can be used to verify a user before the application layer.
The client is authenticated at the TLS handshake, not at the HTTP layer that goes through the secure connection.
From a usage point of view, this implementation requires the production of a client certificate that will be installed in the certificate banks.
When the browser visits the website, it will ask for the certificate.
¶ Server certificate
The server certificate used to identify users is different from the one used for HTTP communication.
It can be self-signed because it focuses only on the identification system.
Using a self-signed certificate in this approach provides the following advantages:
- Your authentication is independent of the commercial renewal of the main certificate which allows you to ensure a much longer validity period (10, 20 years)
- You do not need to purchase a certificate that allows you to sign other certificates.
- If you are already have a Certificate installed in your network use the procedure to Import a Server certificate
- If you want Artica to manage your Server and Client certificates, read this article
¶ Enable SSL Client certificate checking
You need first using SSL on your Website, verify that your website is SSL aware.
- On the Web services section, choose your website.
- Under SSL parameters section, Click on the row “Client-Side Certificate” which is inactive
- select the main certificate you want to use to verify your clients certificates in the “Client certificate” drop-down list.
- Click on Apply.
- Turn on the “Enable the Feature” option.
- If the “Optional” is enabled, browsers that do not have the client certificate will not be blocked.
You will be able to specify the paths (parts of your website) that will require the client certificate. - Finally select the Server certificate that is used to sign Client certificates.
- A new icon “Verify Client Certificate” is displayed on your Web site row.
- Now go to your Website, if you did not have the certificate installed on your browser, the following error page is displayed.