Question on X.509 Client Certificate Authentication when using an SSL offloader

Document ID : KB000044727
Last Modified Date : 14/02/2018
Show Technical Document Details


You can configure X.509 V3 client certificates on a client, and the certificate can be used to verify the identity of a user requesting a resource. The X.509 Client Certificate authentication schemes implement certificate authentication.


When SSL accelerator (offloader) resides in front of Web Server/Web Agent, is it possible for X.509 Client Certificate Scheme to work?


Web Agent: All

OS: All


No, it doesn't work. SSL connection is a mandatory requirement because X.509 Client Certificate Authentication can be done with a secure TLS/SSL connection.

If using
SSL accelerator offloader, a solution module is available on CA Global Delivery Packaged Work Product Download. Please contact CA Services.
- Advanced Certificate Authentication for CA Single Sign-On (SmX509CertAuth Solution Module)

Additional Information:

Advanced Certificate Authentication for CA Single Sign-On