How certificate realm authentication works
You want to know how certificate realm authentication works

Upon establishing an SSL session, the user will select a certificate to send to the ProxySG. If the certificate was signed by a Certificate Signing Authority that the ProxySG trusts, then the user is considered authenticated. Note that certificate realms do not require an authorization realm, so users can be authenticated, but will not be a member of any group.

To configure certificate realm Authentication with the ProxySG, you will need to:

• Configure SSL between the client and ProxySG
• Enable verify-client on the HTTPS service
• Make sure the certificate authority that signed the client's certificates is in the ProxySG trusted list
• Create a Certificate realm
• Define the certificate realm properties
• Create CPL policies to control certificate realm authentication

Certificate realm Authentication can be configured in the Management Console by going to Configuration > Authentication > Certificate. For further assistance with Certificate settings, please refer to the Configuration and Management Guide (CMG) for the version of SGOS that you are running.