Requiring client certificates

You can require a certificate from any clients that your communication with your server. This ensures that you trust the client and enables the client to communicate freely with your server. This is then peer-to-peer communication rather than client/server communication

To request or require a certificate from clients who communicate with your server:

1. Connect to ES Admin, for example by entering http://localhost:86 in your Web browser.
2. Select the enterprise server you want, such as ESDEMO. Stop it if it is started, and then click Edit.
3. Go to the Listeners page.
4. Select the HTTPS listener you want (if you can't see the one you want, set the Process filter to All), and click Edit .
5. Check Secure Sockets Layer.
6. Click SSL Options and then:
   • Check the appropriate option to request or require client certificates.
   • Enter the CA root certificate of the CA who signed the client cerificate.

If the CA who signed the client's certificate is not trusted, communication is prevented. If you want to trust the signing CA, you can add it to your trusted CAs by updating the relevant certificates options in your browser.

How to

Related topics