Enable client certificate authentication
Enable client certificate authentication on a FairCom server
This section details how to enable client certificate authentication. For more information on the keywords used here, visit the security page in our Database Administrator's Guide.
Create a server certificate signed by a CA certificate named something like
my_combined_cert.pem
Add the following information to
my_combined_cert.pem
in this order:The unencrypted server private key is in
server_private_key.pem
.Shut down the FairCom server.
Edit FairCom's server configuration file,
<faircom>/config/ctsrvr.cfg
.In the SUBSYSTEM COMM_PROTOCOL SSL, uncomment or add the lines:
SERVER_CERTIFICATE_FILE my_combined_cert.pem
x509_AUTHENTICATION YES
x509_PATH CN
DEBUG_LOG ssl.log
Start the FairCom server.