A digital certificate is an electronic document that identifies an individual, a server, a company, or some other entity and binds that identity to a public key. See “Public-key infrastructure”. Because a certificate is signed by a certificate authority (CA), it provides proof of an entity’s identity that is recognized by anyone who trusts that CA.
Authenticating a user by means of a digital certificate follows the same overall pattern as authenticating a user by means of a user name and password: a credential is verified, the identity it names is looked up in the ACDB, and a session object is created for the user.
A client application must first make an SSL-based connection to the application server, presenting its certificate during the handshake. See “SSL handshake”. Enterprise Security relies on the application server to perform the certificate authentication, that is, to verify during the handshake that the certificate is valid and was issued by a trusted certificate authority. Once the SSL connection is established, Enterprise Security identifies the client by the subject distinguished name (DN) embedded in the certificate and looks up that DN in the ACDB. As with password authentication, if the lookup succeeds a session object is created; the DN is maintained in the session and presented to other secured assets in the environment as necessary. Note that the DN is trustworthy only because the application server verified the certificate that carries it. The application server must therefore be configured to require a client certificate and to trust only the certificate authorities that issue certificates to Enterprise Security users; a server that accepts unverified certificates would map any certificate carrying a matching DN to that user’s account.
This version of Enterprise Security allows the Security Officer, also known as the Portal Security Officer (PSO), to assign multiple digital certificates to a user’s account, so that the user can authenticate with any of those certificates. You can assign certificates using Enterprise Security Manager—see “Managing certificates”.
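The following Python sketch is an added example, not Enterprise Security code, of the flow described in the two paragraphs above using the standard ssl module: the server context requires and verifies the client certificate, the subject DN is taken from the verified certificate, the DN is looked up in an ACDB in which several DNs can map to one account, and a session object carrying the DN is created. Enterprise Security’s real ACDB schema and DN matching rules are not described on this page, so the ACDB contents, the sample certificate dictionary, and the DN normalization (attribute types upper-cased, values compared case-insensitively) are constructed assumptions.

```python
"""Certificate authentication: map a verified client certificate's subject DN to an
account in an access-control database (ACDB) and create a session (added example)."""
import ssl
from dataclasses import dataclass
from typing import Dict, List, Optional

# Short forms of the attribute-type names that ssl.SSLSocket.getpeercert() reports.
# Assumption: only these types occur; any other type is emitted under its long name.
_SHORT_NAMES = {
    "countryName": "C", "stateOrProvinceName": "ST", "localityName": "L",
    "organizationName": "O", "organizationalUnitName": "OU", "commonName": "CN",
    "emailAddress": "emailAddress",
}


def server_context(cert_file: str, key_file: str, client_ca_file: str) -> ssl.SSLContext:
    """TLS server context that requires a client certificate and verifies it against
    client_ca_file. Without CERT_REQUIRED the DN in a presented certificate is just an
    unverified string, and looking it up in the ACDB would let anyone holding a
    self-signed certificate impersonate any account. (File paths are hypothetical.)"""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_file, key_file)
    ctx.load_verify_locations(cafile=client_ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def _escape_rfc4514(value: str) -> str:
    """Escape the characters that are special in an RFC 4514 DN string."""
    out = []
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;' or (ch == "#" and i == 0) or \
            (ch == " " and i in (0, len(value) - 1))
        out.append("\\" + ch if special else ch)
    return "".join(out)


def dn_from_peercert(peercert: Optional[dict]) -> Optional[str]:
    """Build the RFC 4514 subject DN from the dictionary getpeercert() returns.

    getpeercert() returns None when the client sent no certificate and an empty dict
    when a certificate was sent but not validated (verify_mode=CERT_NONE). Both mean
    there is no authenticated identity, so neither may be mapped to an account."""
    if not peercert or "subject" not in peercert:
        return None
    rdns = []
    for rdn in peercert["subject"]:
        avas = [f"{_SHORT_NAMES.get(t, t)}={_escape_rfc4514(v)}" for t, v in rdn]
        rdns.append("+".join(avas))
    # X.509 stores the name root-first; RFC 4514 writes the most specific RDN first.
    return ",".join(reversed(rdns))


def _split_unescaped(s: str, sep: str) -> List[str]:
    """Split on sep, leaving backslash-escaped separators inside values intact."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2]); i += 2; continue
        if s[i] == sep:
            parts.append("".join(cur)); cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def normalize_dn(dn: str) -> str:
    """Canonical form for ACDB lookup: attribute types upper-cased, whitespace around
    '=' and ',' dropped, values lower-cased (LDAP caseIgnoreMatch semantics; an
    assumption about how the ACDB compares DNs)."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):
            t, _, v = ava.partition("=")
            avas.append(f"{t.strip().upper()}={v.strip().lower()}")
        rdns.append("+".join(sorted(avas)))
    return ",".join(rdns)


@dataclass(frozen=True)
class Session:
    account: str
    dn: str          # presented to other secured assets as the caller's identity
    roles: tuple


# Constructed sample ACDB: two certificates (DNs) are assigned to the asmith account.
ACDB: Dict[str, dict] = {
    normalize_dn("CN=Alice Smith,OU=Portal,O=Example Corp,C=US"): {"account": "asmith", "roles": ("user",)},
    normalize_dn("CN=Alice Smith (smartcard),OU=Portal,O=Example Corp,C=US"): {"account": "asmith", "roles": ("user",)},
    normalize_dn("CN=pso,OU=Security,O=Example Corp,C=US"): {"account": "pso", "roles": ("security_officer",)},
}


def authenticate_client(peercert: Optional[dict], acdb: Dict[str, dict] = ACDB) -> Optional[Session]:
    """Return a Session for the account the verified certificate's DN maps to, or None."""
    dn = dn_from_peercert(peercert)
    if dn is None:
        return None
    entry = acdb.get(normalize_dn(dn))
    if entry is None:
        return None
    return Session(account=entry["account"], dn=dn, roles=entry["roles"])


# Constructed sample of what getpeercert() returns for a validated client certificate.
SAMPLE_PEERCERT = {
    "subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                (("organizationalUnitName", "Portal"),), (("commonName", "Alice Smith"),)),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
               (("commonName", "Example Client CA"),)),
    "serialNumber": "0A1B2C",
}

if __name__ == "__main__":
    print(dn_from_peercert(SAMPLE_PEERCERT))
    print(authenticate_client(SAMPLE_PEERCERT))
    print(authenticate_client({}))   # certificate not validated by the server
```

The lookup key is the normalized DN, so a PSO who types `cn = alice smith, ou=Portal, ...` into the ACDB still matches the certificate, while an unvalidated certificate (`getpeercert()` returning `{}` or `None`) never reaches the lookup at all.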