Configuring Client Certificate Authentication

Zoomdata supports X.509 client certificate authentication. However, note that auto-provisioning of user accounts is not available for client certificate authentication.

To use the X.509 authorization you need to:

  • Enable the X.509 option in the Security Services section
  • Configure the required properties in the file


Zoomdata does not support auto-provisioning of user accounts for client certificate authentication.

Configuration Steps

For guidance on accessing and editing a Zoomdata property file, refer to the topic Managing Configurations in Zoomdata .

Add the following settings to your file:

server.port= 8443
server.ssl.enabled= true
server.ssl.client-auth= want
server.ssl.key-store= .../server.jks
server.ssl.key-store-password= Your_password
server.ssl.key-store-type= use_either_jks_or_pkcs12 .../truststore.jks
Your_password use_either_jks_or_pkcs12

For each user, create an user account in Zoomdata with the username set to the 'CN' in the user's certificate.


Challenges you may run into:

  • User is never prompted to select a certificate:
    • Make sure you have added at least one CA to the trust-store file.
    • Verify server.ssl.client-auth is set to want.
  • Clicking login brings me back to the login page:
    • Make sure the username matches the CN of the certificate being used.
    • Make sure the client certificate is signed by a CA in the trust-store.
For further troubleshooting assistance, follow-up with Zoomdata Technical Support .