Configuring X.509 client certificate authentication with i2 Analyze

You can enable your deployment to use X.509 client certificate authentication. After successful configuration, users can log in to i2 Analyze with client certificates instead of user names and passwords.

After you configure client certificate authentication, a user does not need to enter a user name and password separately. Each certificate is associated with a single user in the user registry to enable authentication. Anyone who has access to a client certificate can log in to i2 Analyze as the user associated with that certificate without entering a password.

To enable a user to log in using a client certificate, the client certificate must be installed in the user's personal certificate store on the workstation they are using to access i2 Analyze. After the client certificate is installed in the personal certificate store, the user can use the certificate to log in to i2 Analyze through Analyst's Notebook Premium.

When a user connects using Analyst's Notebook Premium, the user chooses the certificate to use to log in when they open a connection to the Information Store.
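
The requirement above, that the client certificate is installed in the user's personal certificate store, can be checked on the workstation before a login is attempted. The following PowerShell is an added example, not part of the i2 documentation. It assumes a Windows workstation where the personal store is Cert:\CurrentUser\My. The function name Get-ClientAuthCertificate and the 30-day warning window are hypothetical choices.

```powershell
# Added example: list certificates in the current user's personal store that
# could be offered for TLS client authentication, with a usability status.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth extended key usage

function Get-ClientAuthCertificate {
    param(
        [string]$StorePath = 'Cert:\CurrentUser\My',  # assumption: Windows personal store
        [int]$WarnDays = 30                           # assumption: expiry warning window
    )
    $now = Get-Date
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        $ekuOids = @($cert.EnhancedKeyUsageList |
            Where-Object { $_ } |
            ForEach-Object { $_.ObjectId })

        # A certificate without an EKU extension is not restricted to specific
        # purposes, so it is still a candidate for client authentication.
        $allowsClientAuth = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $ClientAuthOid)
        if (-not $allowsClientAuth) { return }   # skip to the next certificate

        if (-not $cert.HasPrivateKey) {
            $status = 'NoPrivateKey'     # cannot prove possession, so cannot log in
        } elseif ($cert.NotBefore -gt $now) {
            $status = 'NotYetValid'
        } elseif ($cert.NotAfter -lt $now) {
            $status = 'Expired'
        } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
            $status = 'ExpiringSoon'
        } else {
            $status = 'Usable'
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Status     = $status
        }
    }
}

Get-ClientAuthCertificate | Sort-Object Status, NotAfter | Format-Table -AutoSize
```

Because possession of the certificate and its private key is sufficient to log in as the associated user, any entry reported as Usable on a shared or unexpected workstation is worth reviewing.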

Intended audience

In the production deployment process, you might first configure client certificate authentication in the configuration or pre-production environments. As you move to a production deployment, you must replicate any configuration changes in any new deployments.

This information is intended for readers who are familiar with managing key databases and certificates, user authentication mechanisms, and the i2 Analyze toolkit.

Prerequisites

The starting point for configuring client certificate authentication is a deployment of i2 Analyze that is configured to use Secure Sockets Layer on connections to the HTTP Server, and between the HTTP Server and Liberty. For more information about configuring Secure Sockets Layer on connections to the HTTP Server, see Configuring Secure Sockets Layer with i2 Analyze.

Attention: i2 takes reasonable steps to verify the suitability of i2® Analyze for internet deployment. However, it does not address lower-level issues such as guarding networks against penetration, securing accounts, protecting against brute force attacks, configuring firewalls to avoid DoS or DDoS attacks, and the like. For your deployment of i2 Analyze, follow industry-standard practices and recommendations for protection of your systems. i2 accepts no liability for the consequences of such attacks on your systems. This information is not intended to provide instructions for managing key databases or certificates.