Configure Client Authentication
To ensure that only trusted client applications have access to a MATLAB®
Production Server™ instance that uses HTTPS, configure the server instance to require client
authentication by setting the following properties in the
server configuration file:
ssl-verify-peer-modeconfiguration property to
Configure the server instance to use the system provided certificate authority (CA) store, a server specific CA store, or both.
Use these configuration properties to control the CA stores used by the server instance:
x509-ca-file-storespecifies a PEM-format CA store to authenticate clients.
x509-use-system-storedirects the server instance to use the system CA store to authenticate clients.
x509-use-system-storedoes not work on Windows.
Optionally configure the server instance to respect any certificate revocation lists (CRLs) in the CA store.
Specify this behavior by setting the
x509-use-crlproperty in the server configuration. If you do not set this property, the server instance ignores the CRLs and may authenticate clients using revoked credentials.
You must add a CRL list to the CA store of the server before adding the
x509-use-crlproperty. If the CA store does not include a CRL list, the server crashes.
This configuration excerpt configures a server instance to authenticate clients using the system CA store and to respect CRLs:
... --https port --x509-cert-chain ./x509/my-cert.pem --x509-private-key ./x509/my-key.pem --x509-passphrase ./x509/my-passphrase --ssl-verify-peer-mode verify-peer-require-peer-cert --x509-use-system-store --x509-use-crl ...
The server must be configured to use HTTPS in order to configure client authentication.