The set-certificate script (located in the bin subdirectory of your EAServer installation) is required for client certificate to user name mappings. You cannot use mutual authentication in EAServer 6.0 without this mapping.
set-certificate sets mapping information for a given username
by using the keytool alias “user.” For example, user:jim@mydomain.com (or
just user:jim if “jim” is
in the “default” domain). You cannot just use keytool to directly
set up the mapping, because some mapping information is also needed in
the “default” security domain properties file.
However, you can use keytool to examine or export
the certificate after you use set-certificate for a user.
