Question on X.509 Client Certificate Authentication when using an SSL offloader

Document ID : KB000044727
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction: 

You can configure X.509 V3 client certificates on a client, and the certificate can be used to verify the identity of a user requesting a resource. The X.509 Client Certificate authentication schemes implement certificate authentication.

Question: 

When SSL accelerator (offloader) resides in front of Web Server/Web Agent, is it possible for X.509 Client Certificate Scheme to work?

Environment:  

Web Agent: All

OS: All

Answer: 

No, it doesn't work. SSL connection is a mandatory requirement because X.509 Client Certificate Authentication can be done with a secure TLS/SSL connection.

Note:
If using
SSL accelerator offloader, a solution module is available on CA Global Delivery Packaged Work Product Download. Please contact CA Services.
- Advanced Certificate Authentication for CA Single Sign-On (SmX509CertAuth Solution Module)

Additional Information:

Advanced Certificate Authentication for CA Single Sign-On