---
title: Certificate Collector node
description: Collects an X.509 digital certificate from the request to use the certificate as authentication credentials.
component: auth-node-ref
version: 7.5
page_id: auth-node-ref::self-managed/certificate-collector
canonical_url: https://docs.pingidentity.com/auth-node-ref/7.5/self-managed/certificate-collector.html
keywords: ["Nodes & Trees", "Journeys", "Authentication", "Certificates"]
page_aliases: ["auth-node-certificate-collector.adoc"]
section_ids:
  availability: Availability
  outcomes: Outcomes
  properties: Properties
---

# Certificate Collector node

Collects an X.509 digital certificate from the request to use the certificate as authentication credentials.

To validate the certificate, use a [Certificate Validation node](certificate-validation.html).

## Availability

| Product                               | Available? |
| ------------------------------------- | ---------- |
| PingOne Advanced Identity Cloud       | No         |
| PingAM (self-managed)                 | Yes        |
| Ping Identity Platform (self-managed) | Yes        |

## Outcomes

* `Collected`

* `Not Collected`

Evaluation continues through the `Collected` path if certificate collection is successful; otherwise, evaluation continues on the `Not Collected` path.

## Properties

| Property                                    | Usage |
| ------------------------------------------- | ----- |
| Certificate Collection Method               | Specifies how to collect the certificate from the request. Possible values are:<br>- `Request`: Looks for the certificate in the request. Use this value if TLS termination happens at the container where AM runs.<br>- `Header`: Looks for the certificate in the HTTP header name specified in the HTTP Header Name for the Client Certificate property. Use this value if TLS termination happens in a proxy or load balancer outside the container where AM runs.<br>- `Either`: Looks for the certificate in the request; if AM cannot find it in the request, AM looks for the certificate in the HTTP header specified in the HTTP Header Name for the Client Certificate property.<br><br>Default: `Either` |
| HTTP Header Name for the Client Certificate | Specifies the name of the HTTP header containing the certificate when the Certificate Collection Method property is configured to `Header` or `Either`.<br><br>Default: No value specified. |
| Trusted Remote Hosts                        | Specifies a list of IP addresses trusted to supply certificates on behalf of the authenticating client, such as load balancers doing TLS termination.<br><br>If no value is specified, AM rejects certificates supplied by remote hosts. If you specify the `any` value, AM trusts certificates on behalf of the authenticating client supplied by any remote host.<br><br>Default: No value specified. |
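
The following is a simplified model of how the three properties above interact, added here as an illustration; it is not PingAM code. The header name `X-Client-Cert`, the IP addresses, the certificate placeholders and the function names are constructed, and the model assumes the Trusted Remote Hosts check applies only to certificates taken from the HTTP header.

```python
import ipaddress

HEADER = "X-Client-Cert"      # constructed header name (assumption)
LB_IP = "10.0.0.5"            # constructed load balancer address
OUTSIDE_IP = "203.0.113.7"    # constructed address of an untrusted host


def _is_trusted(remote_ip, trusted_hosts):
    """Empty list trusts nobody; the literal value 'any' trusts every host."""
    if not trusted_hosts:
        return False
    if "any" in trusted_hosts:
        return True
    addr = ipaddress.ip_address(remote_ip)
    return any(addr == ipaddress.ip_address(h) for h in trusted_hosts)


def collect_certificate(method, header_name, trusted_hosts,
                        remote_ip, tls_cert, headers):
    """Return (outcome, certificate, source) for one request."""
    if method not in ("Request", "Header", "Either"):
        raise ValueError(f"unknown collection method: {method}")

    # Certificate presented on the TLS connection terminated at the container.
    if method in ("Request", "Either") and tls_cert:
        return "Collected", tls_cert, "request"

    if method in ("Header", "Either") and header_name:
        # HTTP header names are case-insensitive.
        value = next((v for k, v in headers.items()
                      if k.lower() == header_name.lower()), None)
        # A header value only counts when the sending host is trusted.
        if value and _is_trusted(remote_ip, trusted_hosts):
            return "Collected", value, "header"

    return "Not Collected", None, None


if __name__ == "__main__":
    hdrs = {"x-client-cert": "<certificate forwarded in header>"}
    for hosts, ip in (([LB_IP], LB_IP), ([LB_IP], OUTSIDE_IP),
                      (["any"], OUTSIDE_IP), ([], LB_IP)):
        print(hosts, ip,
              collect_certificate("Either", HEADER, hosts, ip, None, hdrs))
```

In this model, setting Trusted Remote Hosts to `any` means a certificate header is accepted from whichever host connects, so the header is only as trustworthy as the proxy that sets or strips it.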
