Enabling X.509 certificates

During creation of a WebSphere Commerce instance, you select the web server authentication mode in the Configuration Manager. It can be either Basic authentication or X.509 authentication. The default is Basic authentication, which is authentication with a logon ID and password.

About this task

To enable the use of X.509 certificates:

Procedure

  1. Set up your IBM HTTP web server SSL certificate. The SSL server certificate includes a list of client authorities for trust relationships. You may need to add additional client certificate authorities.
  2. Open the Configuration Manager.
  3. Select WebSphere Commerce > node_name > Commerce > Instance List > instance_name > Instance Properties > Web server.
  4. Check the X.509 box for Authentication Mode. Click Apply. X.509 client certificate users are now accepted. The IBM HTTP Server is automatically enabled for certificate support, when X.509 Authentication Mode is selected.
  5. Stop and start the WebSphere Commerce Server. WebSphere Commerce does not register X.509 users in the CERT_X509 table until the server is restarted.
    Note: You can make X.509 certificates either optional or required.
    1. Open the configuration file httpd.conf and locate the SSLClientAuth directive. Set the directive to 1 Optional: or 2 (required). The recommended parameter is required.
    2. Restart your WebSphere Commerce instance.