Client certificates

Your platform can be configured to be secured with a Grexx-supplied client certificate. You can configure this from the Security settings in My Grexx.

Client certificate options

There are three client-certificate-checking methods to choose from:

Required: A valid certificate is required to log in to the application. The certificate's common name or subject must match with an entry in the allow list.
Require personal: A valid personal certificate is required to log in to the application, and:
- The certificate's common name or subject must match with an entry in the allow list.
- The emailAddress field within the certificate must match the email field of the currently logged-in user.
Optional: A valid certificate is not required to access the platform but when supplied it should match one of the allowed certificates.

Common name

Use the subject or common name to allow specified certificates. You can allow multiple different certificates.

Common name is usually a string and in most cases this is a domain name.
The subject might take the form of /C=NL/L=Amsterdam/O=Grexx/CN=grexx.net.

Serial (deprecated)

This feature is deprecated. The preferred way to configure client certificates is using their common name as described above. Enter the serial(s) of the supplied certificate to allow users to access the platform.

Client certificate options​

Common name​

Serial (deprecated)​

Client certificate options

Common name

Serial (deprecated)