Certificate login authentication prevents users from logging in to CMS without having a matching personal certificate.
If enabled, when a user tries to log in, CMS sends a list of trusted certificate authorities to the user's browser. The browser selects, or prompts the user to select, a personal certificate to send back to CMS. CMS verifies the common name (CN) in that personal certificate against the user ID and username in CMS.
For CMS, you can use personal certificates stored in a Common Access Card (CAC) or a certificate store such as Microsoft Cert Store.
Using personal certificates is a requirement of JITC (The Joint Interoperability Test Command) certification. Federal and DoD (Department of Defense) employees must use personal certificates encoded and provided using a CAC.
