Whenever a CA Client Automation client process connects to a CAF plug-in that requires authentication, the client process must pass security credentials relevant to the target services security requirements. Where the client process is running as an autonomous process, such as a Windows NT service or a UNIX daemon, the client process authenticates using X.509 V3 certificates in the absence of any user credentials.
An X.509 certificate for CA Client Automation authentication comprises a set of attribute-value pairs that are packaged together with the public encryption key of an asymmetric key pair. A root certificate digitally signs and seals the certificate. The certificate records the name of the subject to whom the certificate was issued, the issuing certificate authority name and expiry information. The subject name is often referred to as the Distinguished Name (DN). The subject name is mapped to a Uniform Resource Identifier (URI) in the x509cert namespace, such as the following example:
x509cert://dsm r11/CN=Basic Host Identity,O=Computer Associates,C=US