Zoomdata Version

Configuring Client Certificate Authentication

Zoomdata supports X.509 client certificate authentication. However, note that auto-provisioning of user accounts is not available for client certificate authentication.

To use the X.509 authorization you need to:

  • Enable the X.509 option in the Security Services section
  • Configure the required properties in the zoomdata.properties file

Caveat

Zoomdata does not support auto-provisioning of user accounts for client certificate authentication.

Configuration Steps

For guidance on accessing and editing a Zoomdata property file, refer to the topic Configuring Your Zoomdata Installation.

Add the following settings to your zoomdata.properties file:

 server.port= 8443
server.ssl.enabled= true
server.ssl.client-auth= want
server.ssl.key-store= .../server.jks
server.ssl.key-store-password= <Your_password>
server.ssl.key-store-type= <use_either_jks_or_pkcs12>
server.ssl.trust-store= .../truststore.jks
server.ssl.trust-store-password=<Your_password>
server.ssl.trust-store-type= <use_either_jks_or pkcs12>

For each user, create an user account in Zoomdata with the username set to the 'CN' in the user's certificate.

Troubleshooting

Challenges you may run into:

  • User is never prompted to select a certificate:
    • Make sure you have added at least one CA to the trust-store file.
    • Verify server.ssl.client-auth is set to want.
  • Clicking login brings me back to the login page:
    • Make sure the username matches the CN of the certificate being used.
    • Make sure the client certificate is signed by a CA in the trust-store.

For further troubleshooting assistance, contact Zoomdata Technical Support.

Was this topic helpful?