Configuring Client Certificate Authentication

Composer supports X.509 client certificate authentication. However, note that auto-provisioning of user accounts is not available for client certificate authentication.

To use the X.509 authorization you need to:

  • Enable the X.509 option in the Security Services section
  • Configure the required properties in the file


Composer does not support auto-provisioning of user accounts for client certificate authentication.

Configuration Steps

For guidance on accessing and editing a Composer property file, refer to the topic Configure Your Composer v6 Installation.

Add the following settings to your file:

 server.port= 8443
server.ssl.enabled= true
server.ssl.client-auth= want
server.ssl.key-store= .../server.jks
server.ssl.key-store-password= <Your_password>
server.ssl.key-store-type= <use_either_jks_or_pkcs12> .../truststore.jks<Your_password> <use_either_jks_or pkcs12>

For each user, create an user account in Composer with the username set to the 'CN' in the user's certificate.


Challenges you may run into:

  • User is never prompted to select a certificate:
    • Make sure you have added at least one CA to the trust-store file.
    • Verify server.ssl.client-auth is set to want.
  • Selecting login brings me back to the login page:
    • Make sure the username matches the CN of the certificate being used.
    • Make sure the client certificate is signed by a CA in the trust-store.

For further troubleshooting assistance, contact Composer Technical Support.