Client certificate authentication for HTTP access services
When a client initiates a TLS connection to an HTTP access service, client and server exchange data to negotiate the connection. As part of the negotiation, the HTTP access service always presents a certificate to assure the client that it is connected to the correct server. You can also configure the HTTP access service to require a client browser or application to present a certificate when it initiates the connection. Such mutual authentication protects against man-in-the-middle attacks by providing both participants with proof that they are communicating with the intended party. Client certificates can also be used to authenticate users or devices.
After a secure client connection is established, the HTTP access service can use information in the client certificate to authenticate a user. The service can compare specific attributes in the certificate subject key with similar attributes in the user account record.
Certificate authentication can be used in combination with password authentication, or in place of password authentication.