...

The ClientCertificates section (JSON Object)

This configuration section defines the handling of client certificates. If no client certificates are to be used, the entire section can be omitted. Currently, the following properties are supported:

Mode (String)
Defines the behavior when establishing a connection. The value "allowed" allows client certificates but does not explicitly request them from the other side; the value "required" explicitly requests a client certificate from the other side.

Authentication (JSON object)
Defines the authentication behavior at the application level (not at the connection level). This object has only one property, a boolean named "Enabled". If it is set to true, the name in the certificate (the subject name) automatically determines the current user; provided the certificate has been validated successfully, no further entry of a user name or password is required to log in. If the client certificates come from a public certification authority, the subject name should also be checked via SubjectRegex in addition to the general validity check, in order to block foreign client certificates at the connection level.

Validation (JSON object)
This property defines the validation behavior for client certificates. Note that these settings only extend the validation functions of the underlying operating system: validation is first performed by the operating system on the basis of the certificates stored there, and only if that validation is not successful are the additional certificates configured here included in the validation. Filter settings can be used to exclude certificates that would otherwise be valid. Furthermore, an explicit check of the revocation lists can be performed, which the operating system usually does not carry out for performance reasons. The following properties can be configured here:

CheckRevokation
A boolean value that specifies whether to check the revocation lists to reject revoked certificates.

Filters → SubjectRegex
A regular expression that can be used to define additional filtering by Subject Name.

IntermediateCertificates
An array of certificates from intermediate certificate authorities which are included in the validation if the validation by the operating system was not successful. This allows intermediate certificate authorities to be included without having to store them in the certificate store of the operating system. More information on the specification of the certificates to be used can be found below.

TrustedClientCertificates
An array of client certificates which are considered valid without further checks. More information about the specification of the certificates to be used can be found below.

TrustedRootCertificates
An array of certificates from root certification authorities which are included in the validation if the validation by the operating system was not successful. This allows root certificate authorities to be included without having to store them in the certificate store of the operating system. More information on the specification of the certificates to be used can be found below.
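The following is an added example and not code from the documented product: it parses a ClientCertificates section shaped as described above, lints it for the points the text raises (valid Mode values, SubjectRegex when certificate-based login is enabled, CheckRevokation, the unchecked TrustedClientCertificates list), and applies Filters.SubjectRegex to a few constructed subject names. The property names are those from this page; the function names, both sample configurations and the subject names are assumptions made for the example, and the certificate arrays contain placeholder strings because the element format is documented elsewhere and not on this page.

```python
"""Lint a ClientCertificates section and exercise its SubjectRegex filter.

Added example, not the product's own code. Property names follow the
documentation above; everything else (function names, sample values) is
assumed for illustration.
"""
import json
import re

# Constructed hardened sample. The certificate arrays hold placeholder strings
# only; the real element format is described elsewhere in the documentation.
SAMPLE_CONFIG = json.loads(r'''
{
  "ClientCertificates": {
    "Mode": "required",
    "Authentication": { "Enabled": true },
    "Validation": {
      "CheckRevokation": true,
      "Filters": { "SubjectRegex": "^CN=[a-z0-9.-]+,OU=Clients,O=Example Corp$" },
      "IntermediateCertificates": [ "<placeholder: intermediate CA certificate>" ],
      "TrustedClientCertificates": [],
      "TrustedRootCertificates": [ "<placeholder: root CA certificate>" ]
    }
  }
}
''')

# Constructed weak sample: unknown Mode, unanchored filter, no revocation
# check, and a certificate that is trusted without any validation.
WEAK_CONFIG = json.loads(r'''
{
  "ClientCertificates": {
    "Mode": "optional",
    "Authentication": { "Enabled": true },
    "Validation": {
      "Filters": { "SubjectRegex": "O=Example Corp" },
      "TrustedClientCertificates": [ "<placeholder: client certificate>" ]
    }
  }
}
''')

VALID_MODES = ("allowed", "required")


def lint_client_certificates(section: dict) -> list:
    """Return (severity, message) findings for one ClientCertificates section.

    The checks encode only what the documentation above states; a finding is a
    review prompt for the operator, not a hard error in the product.
    """
    findings = []
    mode = section.get("Mode")
    if mode not in VALID_MODES:
        findings.append(("error", f"Mode must be one of {VALID_MODES}, got {mode!r}"))

    auth_enabled = bool(section.get("Authentication", {}).get("Enabled", False))
    validation = section.get("Validation", {})
    subject_regex = validation.get("Filters", {}).get("SubjectRegex")

    if auth_enabled and not subject_regex:
        # With certificate-based login, the page recommends checking the subject
        # name so that foreign (e.g. public-CA) certificates are blocked.
        findings.append(("warning", "Authentication.Enabled is true but no Filters.SubjectRegex is set"))

    if subject_regex:
        try:
            re.compile(subject_regex)
        except re.error as exc:
            findings.append(("error", f"SubjectRegex does not compile: {exc}"))
        else:
            if not (subject_regex.startswith("^") and subject_regex.endswith("$")):
                findings.append(("warning", "SubjectRegex is not anchored with ^ and $; a substring match could accept unintended subjects"))

    if not validation.get("CheckRevokation", False):
        findings.append(("info", "CheckRevokation is false; the OS validation usually skips revocation lists"))

    if validation.get("TrustedClientCertificates"):
        findings.append(("info", "TrustedClientCertificates are accepted without further checks; keep this list minimal"))

    return findings


def subject_allowed(subject_regex: str, subject: str) -> bool:
    """Apply a SubjectRegex filter to one subject name.

    Assumption: search semantics, so an unanchored pattern matches anywhere in
    the subject. Whether the product anchors the expression is not stated on
    this page, which is why the lint above asks for explicit anchors.
    """
    return re.search(subject_regex, subject) is not None


if __name__ == "__main__":
    for name, cfg in (("hardened", SAMPLE_CONFIG), ("weak", WEAK_CONFIG)):
        print(f"--- {name} ---")
        for severity, message in lint_client_certificates(cfg["ClientCertificates"]):
            print(f"[{severity}] {message}")
    pattern = SAMPLE_CONFIG["ClientCertificates"]["Validation"]["Filters"]["SubjectRegex"]
    for subj in ("CN=laptop-42,OU=Clients,O=Example Corp", "CN=host7,OU=Clients,O=Other Inc"):
        print(subj, "->", "accepted" if subject_allowed(pattern, subj) else "rejected")
```

Run the file to see the findings for both samples; the hardened section produces none, while the weak one is flagged on every point the documentation raises. The anchored pattern rejects a subject from another organization, whereas the unanchored "O=Example Corp" of the weak sample would also match a subject such as "O=Example Corp Ltd".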

The ServerCertificates section (JSON Object)

...