If the Java client sends a request to the Web server during routine operation, it also transmits the public information for its certificate. The Web server uses this information to authenticate the Java client.
The prerequisite for this is that you enter the information from the client certificate into the TREXcert.iniconfiguration file. The Web server compares the information transmitted with the information in the configuration file, and only forwards requests from clients that it recognizes. If the Web server receives a request from a client that it does not recognize, it sends the request back.
You can enter more than one client certificate into the configuration file. This is beneficial if multiple portals are accessing TREX using secure communication.
For security reasons, you should protect the TREXcert.ini configuration file with operating system methods. For example, you can dictate that only certain users can read the file.
The Web server reads the configuration file during routine operation. Therefore, the user on which the IISADMIN service and the WWW Publishing Service run needs to have read-access to the configuration file.