Configuring Client Certificate Authentication

Article Number: 02062

This page describes steps to configure Client Certificate Authentication.

Client Certificate Authentication is offered as a paid option.
The procedure described on this page cannot be performed until you sign up for the trial or start your subscription.

STEP 1: Allowing Users to Use Client Certificate Authentication

Allow appropriate users to use Client Certificate Authentication.
You can use either of the following procedures:

STEP 2: Issuing Client Certificates

Issue a client certificate for each user who will use Client Certificate Authentication.

  1. Click the gear-shaped menu button in the header.

  2. Click Users & System Administration.

  3. Click Create & Download.
    Screenshot: "Create & Download" is highlighted

  4. Select the department to which a target user belongs.
    When the target user does not belong to any department, select "Users Not Yet Assigned".

  5. Select the state of the client certificate to narrow down the target users, if necessary.
    Screenshot: The radio buttons to select the status of client certificates are highlighted

  6. Select the checkbox for the user you want.
    You can select multiple users.
    Screenshot: The checkbox of the target user is selected

  7. Set the expiration date.
    By default, the date is set to one year later.
    Screenshot: The expiration date field is highlighted

  8. Select whether to revoke the existing client certificate.
    When you select "Removing existing client certificates before re-issuing them", you can no longer use the existing client certificate.
    Screenshot: "Remove existing certificates before re-issuing them" is highlighted

  9. Click Create.

Expiration date of client certificate

When a client certificate expires, the user can no longer use Client Certificate Authentication to access a service. To continue using Client Certificate Authentication, reissue a client certificate and install it on the devices again.
Renewing Client Certificates on Devices

The client certificate is valid for a maximum of 3 years. The expiration date of a client certificate is based on the time zone of the administrator who issued the certificate.

For Safari running on iPhone, after a client certificate expires, the user might still be allowed to use a service for up to 10 minutes until the session cache expires.

STEP 3: Installing Client Certificates on Devices

This section describes the steps for administrators to install client certificates on devices.
To have users install their client certificates themselves, provide them with the following page:
Installing Client Certificates on Devices

  1. Prohibit users from downloading their client certificate, if necessary.
    By default, users are allowed to download client certificates.
    Preventing users from downloading their client certificates

  2. Download client certificates.
    Downloading multiple users' client certificates in bulk

  3. Install the client certificate.
    For detailed steps, refer to the following page:
    Adding a client certificate

Preventing Users from Downloading Their Client Certificates

  1. Click the gear-shaped menu button in the header.

  2. Click Users & System Administration.

  3. Click Download Permissions.
    Screenshot: "Download Permissions" is highlighted

  4. Clear "Allow users to download their client certificates".
    Screenshot: "Allow users to download their client certificates" checkbox is cleared

  5. Click Save.

Downloading Multiple Users' Client Certificates in Bulk

  1. Click the gear-shaped menu button in the header.

  2. Click Users & System Administration.

  3. Click Create & Download.
    Screenshot: "Create & Download" is highlighted

  4. Select the department to which a target user belongs.
    When the target user does not belong to any department, select "Users Not Yet Assigned" or "All Users".
    Screenshot: In Departments tree, the department containing the target user is highlighted

  5. Select "Valid".
    Screenshot: "Valid" is selected

  6. Select the checkbox for the user you want.
    Screenshot: The checkbox of the target user is selected

  7. Click Download.
    A zip file that contains the client certificate and password for the user is downloaded.

STEP 4: Configuring IP Address Restrictions

Configure IP address restrictions in cybozu.com Store or Administration.
For details, refer to the following page:
IP Address Restrictions