2.4.2.2. Client Authentication

Follow this procedure to add client authentication to the SSL connection:

Generate client (frontend) key and certificate
On the backend, run the following script:
```
$ cd $WMR_HOME
$ bin/gen-client-cert.sh
```

Configure backend

Add the following directive to wmr-site.xml:

<property>
  <name>wmr.server.ssl.needclient</name>
  <value>true</value>
</property>

If your backend is running, restart it to reload the configuration:

$ cd $WMR_HOME
$ bin/stop-wmr.sh
$ bin/start-wmr.sh

Configure frontend
The script you ran in Step 1 should have output the path to the client key and certificate. Copy these files to the frontend's local filesystem and add the following lines to include/settings.php:
```
$wmrSSLCert = '/local/path/to/client/certificate';
$wmrSSLKey = '/local/path/to/client/key';
```
Important
The client key is like a password, and the file containing it must be kept private. When copying it to the frontend, make sure it is only readable by the webserver. You may also want to delete the original file from the backend once you have copied it.

Try submitting a job to check that everything is working properly. WebMapReduce should now be protected from unauthorized submissions.

Important