Skip to main content

Enable client certificate authentication

Enable client certificate authentication on a FairCom server

Abstract

Enable client certificate authentication on a FairCom server

This section details how to enable client certificate authentication. For more information on the keywords used here, visit the security page in our Database Administrator's Guide.

  1. Create a server certificate signed by a CA certificate named something like my_combined_cert.pem

  2. add the following information to my_combined_cert.pem:

    a. server private key

    b. CA certificate

  3. Shut down the FairCom server.

  4. Edit FairCom's server configuration file, <faircom>/config/ctsrvr.cfg.

  5. In the SUBSYSTEM COMM_PROTOCOL SSL, uncomment or add the lines:

    SERVER_CERTIFICATE_FILE my_combined_cert.pem

    SSL_CONNECTIONS_ONLY YES

    VERIFY_CLIENT_CERTIFICATE YES

    x509_AUTHENTICATION YES

    x509_PATH CN

    DEBUG_LOG ssl.log

  6. Start the FairCom server.