Enabling X.509 certificates
During creation of a WebSphere Commerce instance, you select the web server authentication mode in the Configuration Manager. It can be either Basic authentication or X.509 authentication. The default is Basic authentication, which is authentication with a logon ID and password.
About this task
Procedure
- Set up your IBM HTTP web server SSL certificate. The SSL server certificate includes a list of client authorities for trust relationships. You may need to add additional client certificate authorities.
- Open the Configuration Manager.
- Select WebSphere Commerce > node_name > Commerce > Instance List > instance_name > Instance Properties > Web server.
- Check the X.509 box for Authentication Mode. Click Apply. X.509 client certificate users are now accepted. The IBM HTTP Server is automatically enabled for certificate support, when X.509 Authentication Mode is selected.
-
Stop and start the WebSphere Commerce Server. WebSphere Commerce does not register X.509 users in the
CERT_X509
table until the server is restarted.Note: You can make X.509 certificates either optional or required.- Open the configuration file
httpd.conf
and locate theSSLClientAuth
directive. Set the directive to 1 Optional: or 2 (required). The recommended parameter is required. - Restart your WebSphere Commerce instance.
- Open the configuration file