Add a client certificate to the web tier

You can add a client certificate to your web tier to support client host validation or trusted sign-on.

Note The following procedure assumes that you have already generated or obtained a client certificate for your web tier and imported the client certificate into a keystore.

  1. Log on to the web tier system.
  2. Stop the web tier web application server.
  3. Copy the keystore containing the client certificate to one of two locations:
    • The web tier's web application WEB-INF folder
    • A network share accessible to your web tier
  4. Open the web configuration file (web.xml) in a text editor, and perform the following steps:
    1. Set the keystore parameter to the path of the keystore containing the web tier's certificate.
    2. Set customize-folder to a folder on the web tier host.

    3. Create an empty file in the <Customize-Folder>/config directory. You will specify the keystore password in the file later.

      Note The keystorePassword parameter has been removed from the web tier configuration file (web.xml) since Service Manager 9.34p2. You must enter your web client keystore password in a file located in the <Customize-Folder>/config directory.

    4. Save the web.xml file.
  5. In the file, set the keystorePassword parameter to the password to access the client keystore. For details, see Encryption of client keystore passwords.

  6. Restart your web tier web application server.

Related topics

Secure Sockets Layer (SSL) configuration options
Secure Sockets Layer (SSL) encryption and server certificates

Related topics

Add a client certificate to the Windows client