Client Certificate Based Authentication protocol
Client Certificate Based Authentication provides a strong level of security by means of two factors. Also, increasingly (with XenMobile and WorxMail scenarios), it is seen as a key enabler for SSO. The typical use case is that User devices will be provided the certificate to present automatically when accessing certain services. The client side application or browser presents the certificate, which allows the username to be extracted and either prefilled, or used for SSO to the Service.
The ports used by this protocol are typically TCP 443 or TCP 8443. The User will get prompted for a certificate by the service or NetScaler vServer. For browsers, the User experience will be similar to the following screenshot, as the browser checks with the User if it's okay to respond to the certificate request with the User's certificate:
The NetScaler can be set up by using a certificate profile, such as the following, to extract the username from the appropriate...
