Certificate Authentication Options
You can authenticate a remote trading partner using certificate authentication. Certificate authentication uses SSL client authentication and is optional. Three methods of certificate authentication are available, so you can choose how to authenticate trading partners using X.509 certificates: no authentication, local authentication, or authentication using Sterling External Authentication Server. Authentication using Sterling External Authentication Server provides the highest level of security.
Option | Description |
---|---|
Additional Certificate Authentication Using Sterling External Authentication Server (Recommended) | This is the most secure method of certificate authentication. Configure SSL client authentication to use Sterling External Authentication Server to perform additional authentication on the certificate. Sterling External Authentication Server can perform the following authentications: Choose this option to enforce the following security policy requirements: |
Local Certificate Authentication | If SSL client authentication is configured, Secure Proxy requests a valid certificate from the trading partner. The certificate is validated against the trusted root. Choose this option to enforce the following security policy requirements: |
No Certificate Authentication | You can configure Secure Proxy so that the remote trading partner certificate is not authenticated. Either disable SSL security or turn on SSL security but do not enforce SSL client authentication. In both configurations, Secure Proxy will not require the client to send a certificate for authentication. Choose this option to enforce the following security policy requirements: |